nsupdate and netlink_socket AVCs
Daniel J Walsh
dwalsh at redhat.com
Tue Apr 6 18:06:14 UTC 2004
Aleksey Nogin wrote:
> On 11.03.2004 13:18, Daniel J Walsh wrote:
>
>> Is nsupdate a program to be run by an ordinary user?
>
>
> Yes. But if I understand correctly, it only needs to communicate over
> UDP or TCP to a DNS server from an unprivileged port. I do not know
> why it wants netlink_sockets.
>
>> If yes we need to define a security context for nsupdate to allow it
>> to access the netlink_sockets.
>
>
> Are you sure? _Why_ does nsupdate need it? Is it not an nsupdate
> deficiency?
Probably.
More information about the fedora-selinux-list
mailing list