--- On Tue, 2/17/09, Antonio Olivares olivares14031@yahoo.com wrote:
From: Antonio Olivares olivares14031@yahoo.com Subject: network-scripts problem To: fedora-list@redhat.com Cc: fedora-selinux-list@redhat.com Date: Tuesday, February 17, 2009, 7:43 AM Dear fellow testers,
I encountered network functions/network-scripts problem :(
[root@localhost ~]# dhclient eth0 Missing /etc/sysconfig/network-scripts/network-functions, exiting. Missing /etc/sysconfig/network-scripts/network-functions, exiting. Missing /etc/sysconfig/network-scripts/network-functions, exiting. ^C
[root@localhost ~]# restorecon -v 'network-scripts'
restorecon: stat error on network-scripts: No such file or directory [root@localhost ~]# restorecon -v network-scripts restorecon: stat error on network-scripts: No such file or directory [root@localhost ~]# dhclient eth0 Missing /etc/sysconfig/network-scripts/network-functions, exiting. ^C
You have new mail in /var/spool/mail/root
[root@localhost ~]# service network status
Configured devices:
lo eth0 eth1
Currently active devices: lo eth1 eth0 [root@localhost ~]# service network restart Shutting down interface eth0: [ OK ] Shutting down interface eth1: [ OK ] Shutting down loopback interface: [ OK ] Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0
[ OK ] Bringing up loopback interface: [ OK ] Bringing up interface eth0: Determining IP information for eth0...Missing /etc/sysconfig/network-scripts/network-functions, exiting. ^C
Got also greeted by selinux alert:
Summary:
SELinux is preventing dhclient-script (dhcpc_t) "search" to network-scripts (net_conf_t).
Detailed Description:
SELinux denied access requested by dhclient-script. It is not expected that this access is required by dhclient-script and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for network-scripts,
restorecon -v 'network-scripts'
If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
Additional Information:
Source Context unconfined_u:system_r:dhcpc_t:SystemLow-SystemHigh Target Context system_u:object_r:net_conf_t Target Objects network-scripts [ dir ] Source dhclient-script Source Path /bin/bash Port <Unknown> Host localhost Source RPM Packages bash-4.0-0.4.rc1.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.6-1.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall_file Host Name localhost Platform Linux localhost 2.6.29-0.124.rc5.fc11.i586 #1 SMP Mon Feb 16 21:15:37 EST 2009 i686 athlon Alert Count 3 First Seen Tue 17 Feb 2009 09:32:55 AM CST Last Seen Tue 17 Feb 2009 09:33:55 AM CST Local ID 878e2548-4687-45f0-8115-d40144370614 Line Numbers
Raw Audit Messages
node=localhost type=AVC msg=audit(1234884835.408:131): avc: denied { search } for pid=11969 comm="dhclient-script" name="network-scripts" dev=dm-0 ino=28344324 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=dir
node=localhost type=SYSCALL msg=audit(1234884835.408:131): arch=40000003 syscall=195 success=no exit=-13 a0=8463100 a1=bfb25c2c a2=b45ff4 a3=8463102 items=0 ppid=11968 pid=11969 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="dhclient-script" exe="/bin/bash" subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)
I applied it, but did not work :(
restorecon -v 'network-scripts'
Regards,
Antonio
--
The network does not start anymore and I do not know what is wrong, it is not selinux blocking it, because the fix does not work :(, there might be something wrong with the original network scripts :(, booting hanged, I had to boot into level 1 and chkconfig network off, in order to boot :(
[root@localhost ~]# rpm -qa initscripts* initscripts-8.89-1.i386 You have new mail in /var/spool/mail/root [root@localhost ~]# service network status Configured devices: lo eth0 eth1 Currently active devices: lo [root@localhost ~]# service network restart Shutting down loopback interface: [ OK ] Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0 [ OK ] Bringing up loopback interface: [ OK ] Bringing up interface eth0: Determining IP information for eth0...^C [root@localhost ~]# cat /etc/resolv.conf ; generated by /sbin/dhclient-script nameserver 10.128.0.4 nameserver 10.154.16.130 nameserver 10.128.0.129 [root@localhost ~]# ifconfig eth0 10.154.19.210 netmask 255.255.255.0 [root@localhost ~]# route add default gateway 10.154.19.1
The other two machines use NetworkManager and there are no problems to report there :)
There is something wrong should I open a bugreport, unless someone has beated me to it :)
Regards,
Antonio