[i=s] ±¾Ìû×îºóÓÉ icecox ÓÚ 2009-5-31 14:22 ±à¼ [/i]
[font=·ÂËÎ_GB2312]¸÷λ¸ßÊÖ£¬ÇëÄãÃÇ°ïæ¿´¿´Õâ¸öÎÊÌâÔõô´¦Àí¡£
×î½ü¼¸Ìì¡£ÔÚibm t42µÄ±¾×ÓÉÏÃæ°²×°ÁËlinux fedora 10 ϵͳ¡£
°²×°¹ý³ÌºÜ˳Àû£¬ÏµÍ³°²×°ÉÏÒÔºó¡£ËùÓеÄÉ豸¶¼Çý¶¯ÁË£¬Î¨¶ÀÍø¿¨µÄµØ·½³öÁËÎÊÌâ¡£
·¢ÏÖ²»ÄÜÉèÖÃÍø¿¨²ÎÊý£¬¶øÇÒ¸ü¸ÄµÄÁËÍø¿¨²ÎÊýºó»áËÀ»ú¡£
ÎÒÉÏÍø²éÁ˲»ÉÙ×ÊÁÏ£¬ËµÕâ¸öÍø¿¨ÎÊÌâÊÇfedora 10 µÄͨ²¡¡£[/font]
[font=·ÂËÎ_GB2312]¾ÍÊÇ×ÓÍøÑÚÂ벿·ÖºÍÍø¹ØÊÇÒ»ÑùµÄ£¬Ò²ÌṩÁËÎÊÌâµÄ½â¾ö°ì·¨¡£
Ò»ÖÖ·½·¨ÊÇ£ºsystem-config-network¹¤¾ß£¬ÓÐͼÐλ¯½çÃ棬ÃüÁîÐÐ
Ò»ÖÖ·½·¨ÊÇ£ºÔÚredhatÀïÃæÓÐnetconfigÃüÁî µ«ÊÇfedoraûÓУ¬ÓëÖ®ÏàÓ¦µÄÃüÁîÊÇsetup¡£
Ò»ÖÖ·½·¨ÊÇ£º´¿ÃüÁîÐÐifconfig
×¢Ò⣺ÓÃifconfigÃüÁîÅäÖõÄÍø¿¨ÐÅÏ¢£¬ÔÚÍø¿¨ÖØÆôºó»úÆ÷ÖØÆôºó£¬ÅäÖþͲ»´æÔÚ¡£ÒªÏ뽫ÉÏÊöµÄÅäÖÃÐÅÏ¢ÓÀÔ¶µÄ´æµÄµçÄÔÀÄǾÍÒªÐÞ¸ÄÍø¿¨µÄÅäÖÃÎļþÁË¡£[/font]
[font=·ÂËÎ_GB2312]µ«ÊÇÎÒÔÚ¾ßÌå×öµÄʱºò£¬·¢ÏÖÔÚÎÒÖØÆôÍøÂçµÄ·þÎñµÄʱºò»úÆ÷»á½©ËÀ¡£
ÏÖÔÚ°ÑÎҵĽØͼ·¢À´¿´¿´¡£
[/font][font=·ÂËÎ_GB2312][/size][/font]
[font=·ÂËÎ_GB2312][size=4]
ÏÈ¿´¿´ÍøÂç²ÎÊý£¬Ö»ÓÐÒ»¸ö»·»Ø¡£
[attach]15314[/attach]
ÆôÓÃÍø¿¨£¬¿´¿´²ÎÊý¡£
[attach]15315[/attach]
Ö¸¶¨ipºÍÍøÂçÑÚÂ룬ÎҵĻ·¾³ÊÇͨ¹ý·ÓÉÆ÷ÉÏÍø¡£
[attach]15316[/attach]
ÖØÐÂÆô¶¯ÍøÂç·þÎñ¾ÍËÀ»úÁË¡£ÓÃalt+ctrl+f*Ò²Çл»²»µ½¿ØÖÆ̨¡£
[attach]15317[/attach]
[/font]
icecox ÓÚ 2009-05-31 18:14:23·¢±í:
ÎÒÕâ¸ö±Ê¼Ç±¾µ½Íø¿¨ ÔÚwindowsϵÄʱºò¾Í·¢ÏÖÍø¿¨²»ÄÜÍ£Óᣵ±Ê±Ã»ÓÐÔÚÒ⣬ÏÖÔÚ·¢ÏÖ»¹ÊÇÕâ¸öÎÊÌâ¡£
txwsqk ÓÚ 2009-05-31 17:04:08·¢±í:
fedoraµÄ network-manager Õâ¸ö·þÎñÓÐÎÊÌâ °ÑËüÍ£ÓÃ
È»ºóÆôÓà network·þÎñ¾ÍÐÐÁË È»ºóÐÞ¸Ä /etc/sysconfig/network-scripts/ifcfg-eth0ÀïµÄ²ÎÊý¾ÍÐÐÁË
icecox ÓÚ 2009-05-31 14:23:40·¢±í:
¸½¼þ1£º
¸ÅÊö:
SELinux is preventing ip (ifconfig_t) "read write" unconfined_t.
ÏêϸÃèÊö:
SELinux denied access requested by ip. It is not expected that this access is
required by ip and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.
ÔÊÐí·ÃÎÊ:
You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
¸½¼ÓÐÅÏ¢:
Ô´ÉÏÏÂÎÄ unconfined_u:system_r:ifconfig_t:s0
Ä¿±êÉÏÏÂÎÄ unconfined_u:unconfined_r:unconfined_t:s0
Ä¿±ê¶ÔÏó socket [ unix_stream_socket ]
Ô´ ip
Դ·¾¶ /sbin/ip
¶Ë¿Ú <δ֪>
Ö÷»ú whoami
Ô´ RPM Èí¼þ°ü iproute-2.6.26-1.fc10
Ä¿±ê RPM Èí¼þ°ü
²ßÂÔ RPM selinux-policy-3.5.13-18.fc10
ÆôÓÃ Selinux True
²ßÂÔÀàÐÍ targeted
ÆôÓÃ MLS True
Enforcing ģʽ Enforcing
²å¼þÃû³Æ catchall
Ö÷»úÃû whoami
ƽ̨ Linux whoami 2.6.27.5-117.fc10.i686 #1 SMP Tue Nov
18 12:19:59 EST 2008 i686 i686
¾¯±¨¼ÆÊý 41
µÚÒ»¸ö 2009Äê05ÔÂ31ÈÕ ÐÇÆÚÈÕ 11ʱ46·Ö37Ãë
×îºóÒ»¸ö 2009Äê05ÔÂ31ÈÕ ÐÇÆÚÈÕ 11ʱ46·Ö58Ãë
±¾µØ ID adb3bdad-d7cd-4101-be19-f992f6a70dfe
ÐкÅ
ÔʼºË²éÐÅÏ¢
node=whoami type=AVC msg=audit(1243741618.849:58): avc: denied { read write } for pid=3779 comm="ip" path="socket:[19151]" dev=sockfs ino=19151 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=unix_stream_socket
node=whoami type=SYSCALL msg=audit(1243741618.849:58): arch=40000003 syscall=11 success=yes exit=0 a0=8fec680 a1=8fbcec8 a2=8fec848 a3=0 items=0 ppid=3768 pid=3779 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="ip" exe="/sbin/ip" subj=unconfined_u:system_r:ifconfig_t:s0 key=(null)