[LUG.ro] Interpretando mensaje...

Ezequiel Cardinali ecardinali en gmail.com
Vie Nov 7 10:34:02 ART 2008


2008/11/7 Gustavo Cardozo <cardozog en gmx.net>:
> Queridos Camaradas...
>
> Alguien me podría ayudar con esto:
> Cada vez que enciendo la portátil aparece este mensaje en una ventana. Tengo instalado Fedora 8, en una Compaq F566LA
>
> Resúmen:
>
> SELinux is preventing nm-system-setti (NetworkManager_t) "read" to ./PolicyKit
> (polkit_var_lib_t).
>
> Descripción Detallada:
>
> SELinux denied access requested by nm-system-setti. It is not expected that this
> access is required by nm-system-setti and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration of the
> application is causing it to require additional access.
>
> Permitiendo Acceso:
>
> Sometimes labeling problems can cause SELinux denials. You could try to restore
> the default system file context for ./PolicyKit,
>
> restorecon -v './PolicyKit'
>
> If this does not work, there is currently no automatic way to allow this access.
> Instead, you can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not recommended.
> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Información Adicional:
>
> Contexto Fuente               system_u:system_r:NetworkManager_t:s0-s0:c0.c1023
> Contexto Destino              system_u:object_r:polkit_var_lib_t:s0
> Objetos Destino               ./PolicyKit [ dir ]
> Source                        nm-system-setti
> Source Path                   /usr/sbin/nm-system-settings
> Port                          <Desconocido>
> Host                          joshua
> Source RPM Packages           NetworkManager-0.7.0-0.11.svn4022.4.fc8
> Target RPM Packages
> RPM de Políticas             selinux-policy-3.0.8-121.fc8
> SELinux Activado              True
> Tipo de Política             targeted
> MLS Activado                  True
> Modo Obediente                Enforcing
> Nombre de Plugin              catchall_file
> Nombre de Equipo              joshua
> Plataforma                    Linux joshua 2.6.23.1-42.fc8 #1 SMP Tue Oct 30
>                              13:18:33 EDT 2007 x86_64 x86_64
> Cantidad de Alertas           11
> First Seen                    lun 03 nov 2008 07:39:51 ARST
> Last Seen                     vie 07 nov 2008 10:32:01 ARST
> Local ID                      47d6a0e6-f98a-4314-84b9-4e73070e44e3
> Números de Línea
>
> Mensajes de Auditoría Crudos
>
> host=joshua type=AVC msg=audit(1226061121.240:11): avc:  denied  { read } for  pid=2212 comm="nm-system-setti" name="PolicyKit" dev=sda2 ino=2485982 scontext=system_u:system_r:NetworkManager_t:s0-s0:c0.c1023 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
>
> host=joshua type=SYSCALL msg=audit(1226061121.240:11): arch=c000003e syscall=254 success=no exit=-13 a0=6 a1=319140914e a2=306 a3=31477529f0 items=0 ppid=2211 pid=2212 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="nm-system-setti" exe="/usr/sbin/nm-system-settings" subj=system_u:system_r:NetworkManager_t:s0-s0:c0.c1023 key=(null)
>
> Les agradezco de antemano y si necesitan algún otro dato me avisan.
>

Es realmente necesario que tengas SELinux en esa laptop?, para
configurarlo podes usar el comando system-config-selinux



-- 
=======================================
Ezequiel M. Cardinali - Fedora Ambassador
---------------------------------------------------------------
 * http://proyectofedora.org/argentina

 * https://fedoraproject.org/wiki/User:Ezq
---------------------------------------------------------------
8DCB DEAE DF60 0C08 43D6  CF6B B29F C9E1 FCF0 68FD
=======================================



Más información sobre la lista de distribución Lugro