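Today I reinstalled Fedora 10 from the Fedora Live CD, and the system's network is extremely unstable. The network service cannot start the ADSL connection, and the setroubleshoot browser reports an error.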
Summary:
SELinux is preventing pppd (pppd_t) "write" to ./ppp-ppp0.pid (var_run_t).
Detailed Description:
SELinux is preventing pppd (pppd_t) "write" to ./ppp-ppp0.pid (var_run_t). The
SELinux type var_run_t, is a generic type for all files in the directory and
very few processes (SELinux Domains) are allowed to write to this SELinux type.
This type of denial usual indicates a mislabeled file. By default a file created
in a directory has the gets the context of the parent directory, but SELinux
policy has rules about the creation of directories, that say if a process
running in one SELinux Domain (D1) creates a file in a directory with a
particular SELinux File Context (F1) the file gets a different File Context
(F2). The policy usually allows the SELinux Domain (D1) the ability to write,
unlink, and append on (F2). But if for some reason a file (./ppp-ppp0.pid) was
created with the wrong context, this domain will be denied. The usual solution
to this problem is to reset the file context on the target file, restorecon -v
'./ppp-ppp0.pid'. If the file context does not change from var_run_t, then this
is probably a bug in policy. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against the selinux-policy
package. If it does change, you can try your application again to see if it
works. The file context could have been mislabeled by editing the file or moving
the file from a different directory, if the file keeps getting mislabeled, check
the init scripts to see if they are doing something to mislabel the file.
Allowing Access:
You can attempt to fix file context by executing restorecon -v './ppp-ppp0.pid'
Fix Command:
restorecon './ppp-ppp0.pid'
Additional Information:
Source Context unconfined_u:system_r:pppd_t:s0
Target Context unconfined_u:object_r:var_run_t:s0
Target Objects ./ppp-ppp0.pid [ file ]
Source pppd
Source Path /usr/sbin/pppd
Port <Unknown>
Host localhost.localdomain
Source RPM Packages ppp-2.4.4-8.fc10
Target RPM Packages
Policy RPM selinux-policy-3.5.13-38.fc10
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name mislabeled_file
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.27.9-159.fc10.i686
#1 SMP Tue Dec 16 15:12:04 EST 2008 i686 i686
Alert Count 44
First Seen Sun 18 Jan 2009 08:29:02 PM CST
Last Seen Sun 18 Jan 2009 08:48:43 PM CST
Local ID a58a621e-4abf-4dd6-a64c-ad4f45bcae91
Line Numbers
Raw Audit Messages
node=localhost.localdomain type=AVC msg=audit(1232282923.845:185): avc: denied { write } for pid=5856 comm="pppd" name="ppp-ppp0.pid" dev=dm-0 ino=16102 scontext=unconfined_u:system_r:pppd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
node=localhost.localdomain type=SYSCALL msg=audit(1232282923.845:185): arch=40000003 syscall=5 success=no exit=-13 a0=b80e8780 a1=241 a2=1b6 a3=240 items=0 ppid=5554 pid=5856 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="pppd" exe="/usr/sbin/pppd" subj=unconfined_u:system_r:pppd_t:s0 key=(null)
Solution:
restorecon -v /var/run/ppp-ppp0.pid
restorecon -v /var/run/pppd2.pid
restorecon -v /var/run/ppp0.pid
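
The check the report describes can be run directly against the raw AVC record. The following is an added example, not part of the original post or of setroubleshoot: it parses the denial shown above, extracts the source and target types, and returns the matching restorecon command when the target file still carries a generic type. The function names, the GENERIC_TYPES set and the /var/run default directory (taken from the post's solution commands, since the AVC record only carries the file name) are assumptions.

```python
import posixpath
import re
import shlex

# AVC record copied from the post's "Raw Audit Messages" section.
SAMPLE_AVC = (
    'node=localhost.localdomain type=AVC msg=audit(1232282923.845:185): '
    'avc: denied { write } for pid=5856 comm="pppd" name="ppp-ppp0.pid" '
    'dev=dm-0 ino=16102 scontext=unconfined_u:system_r:pppd_t:s0 '
    'tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file'
)

# Assumption: illustrative generic types; only var_run_t is from the post.
GENERIC_TYPES = {"var_run_t", "var_t", "tmp_t", "default_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
PAIR_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def decode(value):
    """auditd quotes safe strings and hex-encodes ones with odd characters."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value


def parse_avc(line):
    """Return the denial's fields as a dict, or None if not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(PAIR_RE.findall(m.group(2)), perms=m.group(1).split())
    rec["name"] = decode(rec.get("name", ""))
    # user:role:type:level; the level may itself contain ':' (MLS ranges).
    rec["source_type"] = rec["scontext"].split(":", 3)[2]
    rec["target_type"] = rec["tcontext"].split(":", 3)[2]
    return rec


def suggest_restorecon(rec, directory="/var/run"):
    """Mislabeled-file check; directory is assumed (AVC name= has no path)."""
    name = rec["name"]
    if rec.get("tclass") != "file" or rec["target_type"] not in GENERIC_TYPES:
        return None
    if not name or "/" in name or name in (".", ".."):
        return None  # name= is a single path component; refuse anything else
    return "restorecon -v " + shlex.quote(posixpath.join(directory, name))
```

After running the suggested command, `ls -Z` on the file shows whether its type changed from var_run_t; as the report says, a type that does not change points to a policy bug rather than a mislabeled file.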