ifconfig behavior being flagged by SELinux


Where can I find out what ifconfig is trying to do that is causing a bunch of SELinux errors? Ideally, if ifconfig is supposed to be able to do what it's trying to do, I would like to add a policy for SELinux to allow it. Otherwise, if it's not supposed to be able to do whatever it's trying to do, I'd prefer to leave the access denied, but no longer audit for it.


Here is the AVC message from avcsearch:


type=AVC msg=audit(1340051529.337:1067312): avc: denied { read write } for pid=10289 comm="ifconfig" path="socket:[25431745]" dev=sockfs ino=25431745 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=tcp_socket


Not sure this is related to RHEL6 or RHEL5.


Next step may be to run "sesearch --all | grep ifconfig_t | grep initrc_t" and see whether read and write are allowed by ifconfig_t on initrc_t.


You may also need to run "strace -s1024 -o /tmp/strace.txt ifconfig" and see what kind of write it's trying to make on the socket.
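Added example, not part of any post in this thread: a small Python parser that breaks the AVC record quoted in the question into its source type, target type, class and permissions, then builds a narrower sesearch query and the two candidate policy rules the question asks about (allow or dontaudit). The function names and the "inherited socket" heuristic are assumptions of this example.

```python
import re
import shlex

# The AVC record quoted in the question, copied from the thread.
AVC = ('type=AVC msg=audit(1340051529.337:1067312): avc: denied { read write } '
       'for pid=10289 comm="ifconfig" path="socket:[25431745]" dev=sockfs '
       'ino=25431745 scontext=system_u:system_r:ifconfig_t:s0 '
       'tcontext=system_u:system_r:initrc_t:s0 tclass=tcp_socket')

AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')

def parse_avc(line):
    """Return the key=value fields of one AVC record plus perms and types."""
    m = AVC_RE.search(line)
    if not m:
        raise ValueError("not an AVC record")
    # shlex keeps quoted values such as comm="ifconfig" together as one token.
    fields = dict(t.split("=", 1) for t in shlex.split(m.group("rest")) if "=" in t)
    fields["result"] = m.group("result")
    fields["perms"] = m.group("perms").split()
    # A context is user:role:type[:level]; the type is the third component.
    fields["stype"] = fields["scontext"].split(":")[2]
    fields["ttype"] = fields["tcontext"].split(":")[2]
    return fields

def rule(avc, keyword):
    """Build a candidate rule; keyword is 'allow' or 'dontaudit'."""
    perms = " ".join(avc["perms"])
    return f'{keyword} {avc["stype"]} {avc["ttype"]}:{avc["tclass"]} {{ {perms} }};'

def sesearch_cmd(avc):
    """Query only the rules for this source, target and class."""
    return f'sesearch --allow -s {avc["stype"]} -t {avc["ttype"]} -c {avc["tclass"]}'

def looks_inherited(avc):
    """Heuristic (assumption of this example): a socket with no filesystem path
    whose label is a different domain than the caller was created by that other
    domain, so the caller most likely received the descriptor from its parent."""
    return (avc["tclass"].endswith("_socket")
            and avc.get("path", "").startswith("socket:[")
            and avc["stype"] != avc["ttype"])

if __name__ == "__main__":
    a = parse_avc(AVC)
    print(a["comm"], a["result"], a["perms"], "inherited:", looks_inherited(a))
    print(sesearch_cmd(a))
    print(rule(a, "allow"))
    print(rule(a, "dontaudit"))
```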



Thanks for the reply. I'm still a bit new to the Linux world (and perhaps SELinux is a bit more advanced than where I am right now). I can try the sesearch. My main thing was that I was trying to figure out what ifconfig was trying to do and whether or not I should allow it.


That's where the strace comes in, though I've never used strace before.


Sounds like this is something that is going to require a lot more time and research. I had hoped that maybe others had seen this type of thing as I don't think our install is largely different from any other average install.


Again, thanks for the tips and hopefully I can find something.