[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: nsupdate and netlink_socket AVCs

From: Aleksey Nogin <aleksey nogin org>
To: fedora-selinux-list redhat com
Subject: Re: nsupdate and netlink_socket AVCs
Date: Thu, 11 Mar 2004 19:26:20 -0800

On 11.03.2004 13:18, Daniel J Walsh wrote:

Is nsupdate a program to be run by an ordinary user?

Yes. But if I understand correctly, it only needs to communicate over UDP or TCP to a DNS server from an unprivileged port. I do not know why it wants netlink_sockets.

If yes we need to define a security context for nsupdate to allow it to access the netlink_sockets.

Are you sure? _Why_ does nsupdate need it? Is it not an nsupdate deficiency?

--
Aleksey Nogin

Home Page: http://nogin.org/
E-Mail: nogin cs caltech edu (office), aleksey nogin org (personal)
Office: Jorgensen 70, tel: (626) 395-2907

Follow-Ups:
- Re: nsupdate and netlink_socket AVCs
  - From: Daniel J Walsh

References:
- nsupdate and netlink_socket AVCs
  - From: Aleksey Nogin
- Re: nsupdate and netlink_socket AVCs
  - From: Daniel J Walsh

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]