[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

[policy-1.8-19] Reading the hostname AVCs

From: Aleksey Nogin <aleksey nogin org>
To: "Fedora SELinux support list for users & developers." <fedora-selinux-list redhat com>
Subject: [policy-1.8-19] Reading the hostname AVCs
Date: Fri, 19 Mar 2004 00:57:04 -0800

When running hostname (or hostname -s) to _get_ (not set) the hostname as a "staff" user - under sysadm_r:

audit(1079685457.360:0): avc: denied { read } for pid=9499 exe=/bin/hostname name=resolv.conf dev=hda2 ino=229950 scontext=aleksey:sysadm_r:hostname_t tcontext=system_u:object_r:net_conf_t tclass=file audit(1079685457.361:0): avc: denied { getattr } for pid=9499 exe=/bin/hostname path=/etc/resolv.conf dev=hda2 ino=229950 scontext=aleksey:sysadm_r:hostname_t tcontext=system_u:object_r:net_conf_t tclass=file audit(1079685457.361:0): avc: denied { create } for pid=9499 exe=/bin/hostname scontext=aleksey:sysadm_r:hostname_t tcontext=aleksey:sysadm_r:hostname_t tclass=unix_stream_socket audit(1079685457.361:0): avc: denied { connect } for pid=9499 exe=/bin/hostname scontext=aleksey:sysadm_r:hostname_t tcontext=aleksey:sysadm_r:hostname_t tclass=unix_stream_socket

The socket ones are coming from, I believe, trying to access /var/run/nscd/socket that does not exist (nscd was never used on this machine).

--
Aleksey Nogin

Home Page: http://nogin.org/
E-Mail: nogin cs caltech edu (office), aleksey nogin org (personal)
Office: Jorgensen 70, tel: (626) 395-2907

Follow-Ups:
- Re: [policy-1.8-19] Reading the hostname AVCs
  - From: Russell Coker

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]