Wind River Support Network

Fixed

CGP5-547 : [Feature Testing][networking]: The root user cannot configure an IP address for ethx after SELinux is set to "enforcing".

Created: Jan 17, 2013    Updated: Mar 11, 2016
Resolved Date: Sep 6, 2013
Found In Version: 5.0.1
Fix Version: 5.0.1.3,6.0
Severity: Severe
Applicable for: Wind River Linux 5
Component/s: Networking

Description

Problem Description
======================
The root user cannot configure an IP address for ethx after SELinux is set to "enforcing".

Expected Behavior
======================
We can configure the IP address when SELinux is enabled.

Observed Behavior
======================
root@localhost:~# ifconfig eth1 192.168.1.1
SIOCSIFADDR: Permission denied
SIOCSIFFLAGS: Permission denied
root@localhost:~# ifconfig eth2 192.168.1.1
SIOCSIFADDR: Permission denied
SIOCSIFFLAGS: Permission denied
root@localhost:~# vim /etc/selinux/config 
root@localhost:~# sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             wr-mls
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      26
root@localhost:~# newrole -r secadm_r -- -c "/usr/sbin/setenforce 0"
Password: 
root@localhost:~# sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             wr-mls
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      26
root@localhost:~# 
root@localhost:~# 
root@localhost:~# ifconfig eth2 192.168.1.1
root@localhost:~# ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_req=1 ttl=64 time=0.381 ms
64 bytes from 192.168.1.2: icmp_req=2 ttl=64 time=0.197 ms
64 bytes from 192.168.1.2: icmp_req=3 ttl=64 time=0.228 ms
64 bytes from 192.168.1.2: icmp_req=4 ttl=64 time=0.226 ms
^C
--- 192.168.1.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2997ms
rtt min/avg/max/mdev = 0.197/0.258/0.381/0.072 ms
root@localhost:~#

Steps to Reproduce

1. Configure a CGL kernel/rootfs project:
	../wrlinux-5/wrlinux/configure --enable-board=intel-xeon-core --enable-kernel=cgl --enable-rootfs=glibc_cgl --enable-parallel-pkgbuilds=16 --enable-jobs=8 --with-layer=examples/hello-world --with-template=feature/lsbtesting,feature/hello-world,feature/cut
2. make fs
3. start the target with the kernel and rootfs
4. on target:
	ifconfig eth2 192.168.1.1
	sestatus
	newrole -r secadm_r -- -c "/usr/sbin/setenforce 0"
	ifconfig eth2 192.168.1.1
