[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: nsupdate and netlink_socket AVCs

From: Daniel J Walsh <dwalsh redhat com>
To: fedora-selinux-list redhat com
Subject: Re: nsupdate and netlink_socket AVCs
Date: Tue, 06 Apr 2004 14:06:14 -0400

Aleksey Nogin wrote:

On 11.03.2004 13:18, Daniel J Walsh wrote:

Is nsupdate a program to be run by an ordinary user?

Yes. But if I understand correctly, it only needs to communicate over UDP or TCP to a DNS server from an unprivileged port. I do not know why it wants netlink_sockets.

If yes we need to define a security context for nsupdate to allow it to access the netlink_sockets.

Are you sure? _Why_ does nsupdate need it? Is it not an nsupdate deficiency?

Probably.

Follow-Ups:
- Re: nsupdate and netlink_socket AVCs
  - From: Daniel J Walsh

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]