[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: USERCTL=yes - ifup by non-privileged user AVCs.

From: Bill Nottingham <notting redhat com>
To: russell coker com au, "Fedora SELinux support list for users & developers." <fedora-selinux-list redhat com>
Cc: Aleksey Nogin <aleksey nogin org>
Subject: Re: USERCTL=yes - ifup by non-privileged user AVCs.
Date: Mon, 15 Mar 2004 11:02:13 -0500

Russell Coker (russell coker com au) said: 
> > I have USERCTL=yes in my /etc/sysconfig/network-scripts/ifcfg-wvlan0 and
> > I run "ifup wvlan0" as a non-privileged user. Of course, this generates
> > a long list of AVC messages. Should there be some special policy
> > provisions for the usernetctl?
> >
> > security_compute_sid:  invalid context user_u:user_r:insmod_t for
> > scontext=user_u:user_r:user_t tcontext=system_u:object_r:insmod_exec_t
> > tclass=process
> 
> You just don't do such things as user_r, they should be done as sysadm_r.

This breaks installed systems, though. I suppose usernetctl needs to
change roles.

Bill

Follow-Ups:
- Re: USERCTL=yes - ifup by non-privileged user AVCs.
  - From: Stephen C. Tweedie

References:
- USERCTL=yes - ifup by non-privileged user AVCs.
  - From: Aleksey Nogin
- Re: USERCTL=yes - ifup by non-privileged user AVCs.
  - From: Russell Coker

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]