I'm having issues with my network manager and my SELinux. I'd rather not disable SELinux, but I can't seem to get the "exception" to work (mostly 'cause that's about 10 grades above my linux knowledge level, lol)
I'm running Fedora 8 with the latest kernel, and fully updated SELinux and Network Manager.
When my system connects to the network, I get the "You are now connected" and the "AVC Denial" message the same time. Now, since the internet works on it, I'm half inclined to say that if it's not broke don't fix it, but I can sense this being an issue in the future. I'll spit the output from the message out:
-------------------------------------------------------------------------------------
Summary:
SELinux is preventing NetworkManager (NetworkManager_t) "execute" to ./nscd
(nscd_exec_t).
Detailed Description:
SELinux denied access requested by NetworkManager. It is not expected that this
access is required by NetworkManager and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./nscd,
restorecon -v './nscd'
If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(
http://fedora.redhat.com/docs/selinu...fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:object_r:nscd_exec_t:s0
Target Objects ./nscd [ file ]
Source nscd
Source Path /usr/sbin/nscd
Port <Unknown>
Host localhost.localdomain
Source RPM Packages NetworkManager-0.7.0-0.11.svn4022.4.fc8
Target RPM Packages
Policy RPM selinux-policy-3.0.8-123.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.26.6-49.fc8 #1 SMP
Fri Oct 17 15:59:36 EDT 2008 i686 i686
Alert Count 44
First Seen Sun 09 Nov 2008 09:04:32 AM EST
Last Seen Wed 26 Nov 2008 10:17:03 AM EST
Local ID 59b47ef6-b85d-40b2-97b8-e04ce44e93d5
Line Numbers
Raw Audit Messages
host=localhost.localdomain type=AVC msg=audit(1227712623.830:16): avc: denied { execute } for pid=3386 comm="NetworkManager" name="nscd" dev=dm-0 ino=5250715 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:nscd_exec_t:s0 tclass=file
host=localhost.localdomain type=SYSCALL msg=audit(1227712623.830:16): arch=40000003 syscall=11 success=no exit=-13 a0=8d99368 a1=8da7b58 a2=bf932700 a3=0 items=0 ppid=2917 pid=3386 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=system_u:system_r:NetworkManager_t:s0 key=(null)
------------------------------------------------------------------------------------
Anyone have any ideas on the SPECIFICS of how I create an exception? I tried going to the website, but it's just over my head. When it comes to this, I'm still learning, so I need to be talked to like I'm five years old, lol. The issue is that I just don't know which file to edit, how to get to it, or what to make it look like...
I appreciate any assistance!
~Justin
Linear Mode
