Re: network-scripts problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Antonio Olivares wrote:
> 
> 
> --- On Tue, 2/17/09, Antonio Olivares <olivares14031@xxxxxxxxx> wrote:
> 
>> From: Antonio Olivares <olivares14031@xxxxxxxxx>
>> Subject: network-scripts problem
>> To: fedora-list@xxxxxxxxxx
>> Cc: fedora-selinux-list@xxxxxxxxxx
>> Date: Tuesday, February 17, 2009, 7:43 AM
>> Dear fellow testers, 
>>
>> I encountered network functions/network-scripts problem :(
>>
>> [root@localhost ~]# dhclient eth0
>> Missing /etc/sysconfig/network-scripts/network-functions,
>> exiting.
>> Missing /etc/sysconfig/network-scripts/network-functions,
>> exiting.
>> Missing /etc/sysconfig/network-scripts/network-functions,
>> exiting.
>> ^C                                                         
>>       
>> [root@localhost ~]# restorecon -v 'network-scripts'
>>               
>> restorecon:  stat error on network-scripts:  No such file
>> or directory
>> [root@localhost ~]# restorecon -v network-scripts
>> restorecon:  stat error on network-scripts:  No such file
>> or directory
>> [root@localhost ~]# dhclient eth0                   
>> Missing /etc/sysconfig/network-scripts/network-functions,
>> exiting.
>> ^C                                                         
>>       
>> You have new mail in /var/spool/mail/root                  
>>       
>> [root@localhost ~]# service network status                 
>>       
>> Configured devices:                                        
>>       
>> lo eth0 eth1                                               
>>       
>> Currently active devices:
>> lo eth1 eth0
>> [root@localhost ~]# service network restart
>> Shutting down interface eth0:                             
>> [  OK  ]
>> Shutting down interface eth1:                             
>> [  OK  ]
>> Shutting down loopback interface:                         
>> [  OK  ]
>> Disabling IPv4 packet forwarding:  net.ipv4.ip_forward = 0
>>                                                           
>> [  OK  ]
>> Bringing up loopback interface:                           
>> [  OK  ]
>> Bringing up interface eth0:
>> Determining IP information for eth0...Missing
>> /etc/sysconfig/network-scripts/network-functions, exiting.
>> ^C
>>
>> Got also greeted by selinux alert:
>>
>>
>> Summary:
>>
>> SELinux is preventing dhclient-script (dhcpc_t)
>> "search" to network-scripts
>> (net_conf_t).
>>
>> Detailed Description:
>>
>> SELinux denied access requested by dhclient-script. It is
>> not expected that this
>> access is required by dhclient-script and this access may
>> signal an intrusion
>> attempt. It is also possible that the specific version or
>> configuration of the
>> application is causing it to require additional access.
>>
>> Allowing Access:
>>
>> Sometimes labeling problems can cause SELinux denials. You
>> could try to restore
>> the default system file context for network-scripts,
>>
>> restorecon -v 'network-scripts'
>>
>> If this does not work, there is currently no automatic way
>> to allow this access.
>> Instead, you can generate a local policy module to allow
>> this access - see FAQ
>> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385)
>> Or you can disable
>> SELinux protection altogether. Disabling SELinux protection
>> is not recommended.
>> Please file a bug report
>> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>> against this package.
>>
>> Additional Information:
>>
>> Source Context               
>> unconfined_u:system_r:dhcpc_t:SystemLow-SystemHigh
>> Target Context                system_u:object_r:net_conf_t
>> Target Objects                network-scripts [ dir ]
>> Source                        dhclient-script
>> Source Path                   /bin/bash
>> Port                          <Unknown>
>> Host                          localhost
>> Source RPM Packages           bash-4.0-0.4.rc1.fc11
>> Target RPM Packages           
>> Policy RPM                    selinux-policy-3.6.6-1.fc11
>> Selinux Enabled               True
>> Policy Type                   targeted
>> MLS Enabled                   True
>> Enforcing Mode                Enforcing
>> Plugin Name                   catchall_file
>> Host Name                     localhost
>> Platform                      Linux localhost
>> 2.6.29-0.124.rc5.fc11.i586 #1 SMP
>>                               Mon Feb 16 21:15:37 EST 2009
>> i686 athlon
>> Alert Count                   3
>> First Seen                    Tue 17 Feb 2009 09:32:55 AM
>> CST
>> Last Seen                     Tue 17 Feb 2009 09:33:55 AM
>> CST
>> Local ID                     
>> 878e2548-4687-45f0-8115-d40144370614
>> Line Numbers                  
>>
>> Raw Audit Messages            
>>
>> node=localhost type=AVC msg=audit(1234884835.408:131): avc:
>>  denied  { search } for  pid=11969
>> comm="dhclient-script"
>> name="network-scripts" dev=dm-0 ino=28344324
>> scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023
>> tcontext=system_u:object_r:net_conf_t:s0 tclass=dir
>>
>> node=localhost type=SYSCALL msg=audit(1234884835.408:131):
>> arch=40000003 syscall=195 success=no exit=-13 a0=8463100
>> a1=bfb25c2c a2=b45ff4 a3=8463102 items=0 ppid=11968
>> pid=11969 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
>> sgid=0 fsgid=0 tty=pts1 ses=1
>> comm="dhclient-script" exe="/bin/bash"
>> subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)
>>
>>
>> I applied it, but did not work :(
>>
>> restorecon -v 'network-scripts'
>>
>>
>> Regards,
>>
>> Antonio 
>>
>>
>>       
>>
>> -- 
> 
> The network does not start anymore and I do not know what is wrong, it is not selinux blocking it, because the fix does not work :(, there might be something wrong with the original network scripts :(, booting hanged, I had to boot into level 1 and chkconfig network off, in order to boot :(
> 
> [root@localhost ~]# rpm -qa initscripts*
> initscripts-8.89-1.i386                 
> You have new mail in /var/spool/mail/root
> [root@localhost ~]# service network status
> Configured devices:
> lo eth0 eth1
> Currently active devices:
> lo
> [root@localhost ~]# service network restart
> Shutting down loopback interface:                          [  OK  ]
> Disabling IPv4 packet forwarding:  net.ipv4.ip_forward = 0
>                                                            [  OK  ]
> Bringing up loopback interface:                            [  OK  ]
> Bringing up interface eth0:
> Determining IP information for eth0...^C
> [root@localhost ~]# cat /etc/resolv.conf
> ; generated by /sbin/dhclient-script
> nameserver 10.128.0.4
> nameserver 10.154.16.130
> nameserver 10.128.0.129
> [root@localhost ~]# ifconfig eth0 10.154.19.210 netmask 255.255.255.0
> [root@localhost ~]# route add default gateway 10.154.19.1
> 
> The other two machines use NetworkManager and there are no problems to report there :)
> 
> There is something wrong should I open a bugreport, unless someone has beated me to it :)
> 
> Regards,
> 
> Antonio 
> 
> 
>       
> 
Any avc messages?

These is some new labeling in /etc/sysconfig/network-scripts

that is potentially causing the problem.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkme3u8ACgkQrlYvE4MpobOzFACgsjzpw4cnKAg56IUZqHAIx7my
OegAn1bfuInAYjYii2DrWQc32nV+nnLr
=k6jx
-----END PGP SIGNATURE-----

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux