2009-04-17 18:54:19

by Justin P. Mattock

Subject: [refpolicy] SELinux: unrecognized netlink message

I'm seeing this in dmesg:
(as I add the allow rules to a new machine)

[ 13.769513] SELinux: initialized (dev tmpfs, type tmpfs), uses
transition SIDs
[ 19.025365] ndiswrapper version 1.54-2.6.27.7 loaded (smp=yes, preempt=no)
[ 19.329584] ndiswrapper: driver bcmwl5 (Broadcom,03/21/2008,
4.170.77.3) loaded
[ 19.330401] ndiswrapper 0000:03:00.0: power state changed by ACPI to D0
[ 19.330571] ndiswrapper 0000:03:00.0: PCI INT A -> Link[Z00F] ->
GSI 22 (level, low) -> IRQ 22
[ 19.330856] ndiswrapper 0000:03:00.0: power state changed by ACPI to D0
[ 19.330973] ndiswrapper 0000:03:00.0: setting latency timer to 64
[ 19.344429] ndiswrapper: using IRQ 22
[ 19.570301] wlan0 (ndiswrapper): not using net_device_ops yet
[ 19.570825] wlan0: ethernet device 00:1f:f3:bd:f0:98 using NDIS
driver: bcmwl5, version: 0x4aa4d03, NDIS version: 0x501, vendor: 'NDIS
Network Adapter', 14E4:432B.5.conf
[ 19.570876] wlan0: encryption modes supported: WEP; TKIP with WPA,
WPA2, WPA2PSK; AES/CCMP with WPA, WPA2, WPA2PSK
[ 19.572385] usbcore: registered new interface driver ndiswrapper
[ 23.017545] type=1401 audit(1239994223.882:3): SELinux:
unrecognized netlink message type=28265 for sclass=43
[ 23.017547]
[ 23.017574] type=1300 audit(1239994223.882:3): arch=40000003
syscall=4 success=yes exit=18 a0=2 a1=8064c17 a2=12 a3=12 items=0
ppid=1690 pid=1780 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip"
exe="/sbin/ip" subj=system_u:system_r:ifconfig_t:s0 key=(null)


Hopefully I can start the system in full enforcement.

--
Justin P. Mattock


2009-04-20 16:40:00

by Paul Moore

Subject: [refpolicy] SELinux: unrecognized netlink message

On Friday 17 April 2009 02:54:19 pm Justin Mattock wrote:
> I'm seeing this in dmesg:
> (as I add the allow rules to a new machine)

...

> [ 23.017545] type=1401 audit(1239994223.882:3): SELinux:
> unrecognized netlink message type=28265 for sclass=43
> [ 23.017547]
> [ 23.017574] type=1300 audit(1239994223.882:3): arch=40000003
> syscall=4 success=yes exit=18 a0=2 a1=8064c17 a2=12 a3=12 items=0
> ppid=1690 pid=1780 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip"
> exe="/sbin/ip" subj=system_u:system_r:ifconfig_t:s0 key=(null)

Well, the socket class, aka "sclass" is 43 which means it is a routing socket
and based on the rest of the audit snippet I'm going to guess the application
in use is "ip". Do you get the message only once at boot? If so it is
probably part of the normal network configuration.

The unfortunate part is that the message type is 28265 which puts it way
beyond the range of the routing message types that I can see in the kernel
(include/linux/rtnetlink.h). I'm not too familiar with the netlink routing
socket protocol so it is possible other values are OR'd onto the basic message
type which would bump the type field to 28265 but I somehow doubt that.

Do you know what the ip command is trying to do?

--
paul moore
linux @ hp
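
An added example, not part of the original posts and not code from any project named in them: a Python decode of the two audit records quoted above. It shows that type 28265 is 0x6e69, that the syscall record is an i386 write() of 18 bytes to descriptor 2, and that netlink flags occupy their own header field rather than being OR'd into the type. The helper names and the unwrapped, trimmed record strings are this example's own.

```python
import re
import struct

# The two records quoted in the thread, unwrapped; a few fields omitted.
RECORDS = [
    "type=1401 audit(1239994223.882:3): SELinux: unrecognized netlink "
    "message type=28265 for sclass=43",
    "type=1300 audit(1239994223.882:3): arch=40000003 syscall=4 success=yes "
    'exit=18 a0=2 a1=8064c17 a2=12 a3=12 items=0 comm="ip" exe="/sbin/ip"',
]
NLMSGHDR = struct.Struct("<IHHII")  # struct nlmsghdr: len, type, flags, seq, pid
RTM_GETLINK = 18                    # from linux/rtnetlink.h
NLM_F_REQUEST, NLM_F_DUMP = 0x001, 0x300
I386_SYSCALLS = {4: "write"}        # only the entry this record needs


def fields(record):
    """Return the key=value pairs that follow the audit(...) stamp."""
    body = record.split("): ", 1)[1]
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', body)
    return {key: value.strip('"') for key, value in pairs}


def decode_type(nlmsg_type):
    """Render the 16-bit type as hex and as its two little-endian bytes."""
    raw = struct.pack("<H", nlmsg_type)
    text = raw.decode("ascii") if all(32 <= b < 127 for b in raw) else None
    return {"hex": f"{nlmsg_type:#06x}", "ascii": text}


def describe_syscall(rec):
    """Audit prints a0..a3 in hex and exit in decimal."""
    if rec["arch"] != "40000003":   # AUDIT_ARCH_I386
        raise ValueError("syscall table here covers i386 only")
    return {"name": I386_SYSCALLS[int(rec["syscall"])],
            "fd": int(rec["a0"], 16), "count": int(rec["a2"], 16),
            "returned": int(rec["exit"])}


def type_after_flags():
    """Flags sit in their own header field, so they never alter the type."""
    hdr = NLMSGHDR.pack(NLMSGHDR.size, RTM_GETLINK,
                        NLM_F_REQUEST | NLM_F_DUMP, 1, 0)
    return NLMSGHDR.unpack(hdr)[1]


if __name__ == "__main__":
    selinux, syscall = (fields(r) for r in RECORDS)
    print(decode_type(int(selinux["type"])))
    print(describe_syscall(syscall))
    print(type_after_flags())
```

Both bytes of the type field decode as printable ASCII ("in"), which is what a plain-text write to a netlink socket would produce; that reading is an inference from the records, not something the thread confirms.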

2009-04-20 18:19:23

by Justin P. Mattock

Subject: [refpolicy] SELinux: unrecognized netlink message

On Mon, Apr 20, 2009 at 9:40 AM, Paul Moore <[email protected]> wrote:
> On Friday 17 April 2009 02:54:19 pm Justin Mattock wrote:
>> I'm seeing this in dmesg:
>> (as I add the allow rules to a new machine)
>
> ...
>
>> [ 23.017545] type=1401 audit(1239994223.882:3): SELinux:
>> unrecognized netlink message type=28265 for sclass=43
>> [ 23.017547]
>> [ 23.017574] type=1300 audit(1239994223.882:3): arch=40000003
>> syscall=4 success=yes exit=18 a0=2 a1=8064c17 a2=12 a3=12 items=0
>> ppid=1690 pid=1780 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
>> egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip"
>> exe="/sbin/ip" subj=system_u:system_r:ifconfig_t:s0 key=(null)
>
> Well, the socket class, aka "sclass" is 43 which means it is a routing socket
> and based on the rest of the audit snippet I'm going to guess the application
> in use is "ip". Do you get the message only once at boot? If so it is
> probably part of the normal network configuration.
>
> The unfortunate part is that the message type is 28265 which puts it way
> beyond the range of the routing message types that I can see in the kernel
> (include/linux/rtnetlink.h). I'm not too familiar with the netlink routing
> socket protocol so it is possible other values are OR'd onto the basic message
> type which would bump the type field to 28265 but I somehow doubt that.
>
> Do you know what the ip command is trying to do?
>
> --
> paul moore
> linux @ hp
>
>

wicd is being used to start the internet at bootup.
As for any issues (there are, but I think it's more ndiswrapper related).
Attached is dmesg, to give you an idea of what's happening
(I'm seeing the ip command generated twice).

Also there is an issue with using the latest snapshot of gcc
(received an error a few days ago, and Stephen pointed out what
was happening), which hopefully didn't mess anything up
with libselinux, etc. (you never know, compiled with a bad gcc could generate
wrong avc's)

regards,

--
Justin P. Mattock
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dmesg
Type: application/octet-stream
Size: 46951 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20090420/d67ece5e/attachment-0001.obj