From: Timothy Wood <timothy@hallcomp.com>
To: Paul Krumviede <pwk@acm.org>
Cc: SELinux <SELinux@tycho.nsa.gov>, Stephen Smalley <sds@tislabs.com>
Subject: Re: network and module problems
Date: 25 Jan 2002 11:35:22 -0500
Message-ID: <1011976523.2215.4.camel@phobos>
In-Reply-To: <78301711.1011942185@localhost>

On Fri, 2002-01-25 at 10:03, Paul Krumviede wrote:
> --On Friday, 25 January, 2002 09:36 -0500 Timothy Wood 
> <timothy@hallcomp.com> wrote:
> 
> are you running this inside a VMware virtual machine? i had to create
> a policy file for that environment (which is yet to be tested with the
> latest release; i'll send it to the list once that happens). the VMware
> dualconf script instantiates /etc/modules.conf (and some other
> files for X11) as a symlink to the appropriate "real" file depending
> on whether one boots the guest OS as a virtual machine or on the
> real hardware.
> 
> -paul

Yes, I am running it in a VM.  I just looked at the context of the
modules files in /etc and noticed they were different, probably because
I installed the VMware tools after I relabeled the files.  I did a make
relabel and I can insmod things now but the lo and eth0 interfaces still
never raise.  What I still don't see is how the lo interface never loads
because as far as I know the lo interface doesn't have a module.  I'm
sifting through dmesg once again, a little more closely this time, and
I'm seeing a lot of weird things.  Someone tell me if all this looks
right.

(right after journalled loads)
kernel: There is already a security framework initialized,
register_security failed.
kernel: Failure registering capabilities with the kernel
kernel: selinux_register_security:  Registering secondary module
capability
localhost kernel: Capability LSM initialized

...

kernel: pcnet32_probe_pci: found device 0x001022.0x002000
kernel: PCI: Enabling device 00:11.0 (0001 -> 0003)
kernel: PCI: Assigned IRQ 10 for device 00:11.0
keytable: Loading system font: succeeded
kernel: ioaddr=0x001080 resource_flags=0x000101
kernel: eth0: PCnet/PCI II 79C970A at 0x1080, 00 50 56 4a 80 ad
kernel: pcnet32: pcnet32_private lp=c1151000 lp_dma_addr=0x1151000
assigned IRQ 10
kernel: pcnet32.c:v1.25kf 26.9.1999 tsbogend@alpha.franken.de

...

kernel: task_precondition:  assigning context system_u:system_r:kernel_t
to pid 1 exe=none
kernel: task_precondition:  assigning context system_u:system_r:kernel_t
to pid 1 exe=none

...

kernel: avc:  denied  { read } for  pid=74 exe=/sbin/insmod
path=/etc/modules.conf dev=08:01 ino=213709
scontext=system_u:system_r:insmod_t
tcontext=system_u:object_r:modules_conf_t tclass=lnk_file
kernel:
kernel: avc:  denied  { read } for  pid=108 exe=/sbin/depmod
path=/etc/modules.conf dev=08:01 ino=213709
scontext=system_u:system_r:depmod_t
tcontext=system_u:object_r:modules_conf_t tclass=lnk_file
kernel:
kernel: avc:  denied  { read } for  pid=110 exe=/bin/grep
path=/etc/modules.conf dev=08:01 ino=213709
scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:modules_conf_t tclass=lnk_file
kernel: task_precondition:  assigning context system_u:system_r:init_t
to pid 2 exe=none
kernel: task_precondition:  assigning context system_u:system_r:kernel_t
to pid 3 exe=none
kernel: task_precondition:  assigning context system_u:system_r:kernel_t
to pid 4 exe=none
kernel: task_precondition:  assigning context system_u:system_r:kernel_t
to pid 5 exe=none
kernel: task_precondition:  assigning context system_u:system_r:kernel_t
to pid 6 exe=none
kernel: task_precondition:  assigning context system_u:system_r:init_t
to pid 7 exe=none

...

kernel: avc:  denied  { read } for  pid=220 exe=/usr/sbin/updfstab
path=/etc/modules.conf dev=08:01 ino=213709
scontext=system_u:system_r:fsadm_t
tcontext=system_u:object_r:modules_conf_t tclass=lnk_file

...

kernel: avc:  denied  { read } for  pid=220 exe=/usr/sbin/updfstab
path=/etc/modules.conf dev=08:01 ino=213709
scontext=system_u:system_r:fsadm_t
tcontext=system_u:object_r:modules_conf_t tclass=lnk_file

...

kernel: avc:  denied  { unlink } for  pid=251 exe=/bin/rm
path=/etc/modules.conf dev=08:01 ino=213709
scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:modules_conf_t tclass=lnk_file

...

kernel: avc:  denied  { unlink } for  pid=253 exe=/bin/rm
path=/etc/X11/X dev=08:01 ino=102038 scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:etc_t tclass=lnk_file

...

kernel: avc:  denied  { read } for  pid=268 exe=/sbin/insmod
path=/etc/modules.conf dev=08:01 ino=213709
scontext=system_u:system_r:kmod_t
tcontext=system_u:object_r:etc_runtime_t tclass=lnk_file

...

kernel: avc:  denied  { read } for  pid=329 exe=/sbin/insmod
path=/etc/modules.conf dev=08:01 ino=213709
scontext=system_u:system_r:insmod_t
tcontext=system_u:object_r:etc_runtime_t tclass=lnk_file

...

network: Setting network parameters:  succeeded 
ifup: Cannot send dump request: Connection refused 

Now I tried doing a tail -f on /var/log/messages and then switching to
another VT to raise both the lo and eth0 interfaces and nothing was
logged but I still get that dump request refused message.  Could the
selinux be blocking the device from being opened or something?

I'm going to download this new version, but should I just get the patch
and apply it to the current version I have or what?

Timothy,
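
Added example (not part of the original message and not SELinux project code): a small parser for avc denial records in the format quoted above, which rejoins the mail-wrapped lines and lists the target types each denied path was logged with. The sample input is constructed from the shape of the quoted lines; the function names are hypothetical.

```python
import re

# Constructed sample shaped like the dmesg lines in the message (mail wrapping kept).
SAMPLE = """\
kernel: avc:  denied  { read } for  pid=74 exe=/sbin/insmod
path=/etc/modules.conf dev=08:01 ino=213709
scontext=system_u:system_r:insmod_t
tcontext=system_u:object_r:modules_conf_t tclass=lnk_file
kernel: avc:  denied  { unlink } for  pid=253 exe=/bin/rm
path=/etc/X11/X dev=08:01 ino=102038 scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:etc_t tclass=lnk_file
kernel: avc:  denied  { read } for  pid=329 exe=/sbin/insmod
path=/etc/modules.conf dev=08:01 ino=213709
scontext=system_u:system_r:insmod_t
tcontext=system_u:object_r:etc_runtime_t tclass=lnk_file
"""
RECORD_START = re.compile(r"^(?:\S+ )?[\w.-]+:(?:\s|$)")  # "kernel:", "localhost kernel:"
AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def unwrap(text):
    """Rejoin syslog records that were wrapped across several lines."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def parse_denials(text):
    """Return one dict per AVC denial found in the (possibly wrapped) log text."""
    out = []
    for m in filter(None, map(AVC.search, unwrap(text))):
        kv = dict(tok.split("=", 1) for tok in m.group(2).split() if "=" in tok)
        out.append({"perms": tuple(m.group(1).split()), "exe": kv.get("exe"),
                    "path": kv.get("path"), "tclass": kv.get("tclass"),
                    "source_type": kv.get("scontext", "").split(":")[-1],
                    "target_type": kv.get("tcontext", "").split(":")[-1]})
    return out

def target_types_by_path(denials):
    """Map each denied path to the sorted target types it was logged with."""
    seen = {}
    for d in denials:
        seen.setdefault(d["path"], set()).add(d["target_type"])
    return {path: sorted(types) for path, types in seen.items()}

if __name__ == "__main__":
    print(target_types_by_path(parse_denials(SAMPLE)))
```

On the sample, /etc/modules.conf appears with both modules_conf_t and etc_runtime_t, the same change of target type visible in the quoted log.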

