On Sunday 25 May 2008 16:20:53 Marco Guazzone wrote:
> Hi Anne,
>
Hi, Marco. Please don't top-post. It upsets a lot of people, and, more
importantly, makes threads difficult to follow.
> Set SE troubleshootd says to run:
>
> $ restorecon -v '/usr/sbin/pppd'
>
> I've tried but no hope. Same error.
>
> Here below is the detailed SElinux error:
>
> --- [snip] ---
> *Summary*
> SELinux is preventing ifup-ppp (usernetctl_t) "getattr" to /usr/sbin/pppd
> (pppd_exec_t).
>
> *Detailed Description*
> SELinux denied access requested by ifup-ppp. It is not expected that this
> access is required by ifup-ppp and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration of
> the application is causing it to require additional access.
>
> *Allowing Access*
> Sometimes labeling problems can cause SELinux denials. You could try to
> restore the default system file context for /usr/sbin/pppd,
>
> restorecon -v '/usr/sbin/pppd'
>
> If this does not work, there is currently no automatic way to allow this
> access. Instead, you can generate a local policy module to allow this
> access - see FAQ Or you can disable SELinux protection altogether.
> Disabling SELinux protection is not recommended. Please file a bug report
> against this package.
>
> *Additional Information*
> Source Context: unconfined_u:unconfined_r:usernetctl_t:s0-s0:c0.c1023
> Target Context: system_u:object_r:pppd_exec_t:s0
> Target Objects: /usr/sbin/pppd [ file ]
> Source: ifup-ppp
> Source Path: /bin/bash
> Port: <Unknown>
> Host: backtrack
> Source RPM Packages: bash-3.2-22.fc9
> Target RPM Packages: ppp-2.4.4-7.fc9
> Policy RPM: selinux-policy-3.3.1-51.fc9
> Selinux Enabled: True
> Policy Type: targeted
> MLS Enabled: True
> Enforcing Mode: Enforcing
> Plugin Name: catchall_file
> Host Name: backtrack
> Platform: Linux backtrack 2.6.25.3-18.fc9.x86_64 #1 SMP Tue May 13
> 04:54:47 EDT 2008 x86_64 x86_64
> Alert Count: 5
> First Seen: Sat 24 May 2008 09:34:44 AM CEST
> Last Seen: Sun 25 May 2008 05:12:11 PM CEST
> Local ID: 2d7c3d51-e43f-4791-b453-3d32e6239030
> Line Numbers:
> Raw Audit Messages :
> host=backtrack type=AVC msg=audit(1211728331.28:175): avc: denied {
> getattr } for pid=25519 comm="ifup-ppp" path="/usr/sbin/pppd" dev=sda5
> ino=19009 scontext=unconfined_u:unconfined_r:usernetctl_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file
> host=backtrack type=SYSCALL msg=audit(1211728331.28:175): arch=c000003e
> syscall=4 success=no exit=-13 a0=16a40a0 a1=7fff2f3aea90 a2=7fff2f3aea90
> a3=8 items=0 ppid=20794 pid=25519 auid=500 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 ses=1 comm="ifup-ppp"
> exe="/bin/bash" subj=unconfined_u:unconfined_r:usernetctl_t:s0-s0:c0.c1023
> key=(null) --- [/snip] ---
>
> And this is my ifcfg-DSL script:
> --- [snip] ---
> # Please read /usr/share/doc/initscripts-*/sysconfig.txt
> # for the documentation of these parameters.
> TYPE=xDSL
> DEVICE=ppp0
> BOOTPROTO=dialup
> USERCTL=yes
> PEERDNS=yes
> IPV6INIT=no
> PIDFILE=/var/run/pppoe-adsl.pid
> FIREWALL=NONE
> PING=.
> PPPOE_TIMEOUT=80
> LCP_FAILURE=3
> LCP_INTERVAL=20
> CLAMPMSS=1412
> CONNECT_POLL=6
> CONNECT_TIMEOUT=60
> PERSIST=no
> SYNCHRONOUS=no
> DEFROUTE=yes
> USER='xxx@xxxxxxx'
> ETH=eth0
> PROVIDER=DSL
> DEMAND=no
> NM_CONTROLLED=no
> ONBOOT=no
> --- [/snip] ---
>
Your best bet, then, is to file a bug report. You should get a response
pretty quickly.
Anne
Attachment:
signature.asc
Description: This is a digitally signed message part.
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
