[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
[FC5] Wrong default context for hping2
- From: Charles-Edouard Ruault <ce ruault com>
- To: fedora-selinux-list redhat com
- Subject: [FC5] Wrong default context for hping2
- Date: Thu, 06 Apr 2006 18:09:33 +0200
Hi All,
i've noticed that hping2 ( hping2-2.0.0-0.5.rc3 ) is not labeled with
the correct security context.
The binary is labled with context ping_exec_t:
-rwxr-xr-x root root system_u:object_r:ping_exec_t
/usr/sbin/hping2
But the ping_exec_t domain does not allow the creation of packet socket.
Here's the audit log :
type=AVC msg=audit(1144338231.596:1933): avc: denied { create } for
pid=17334 comm="hping2" scontext=user_u:system_r:ping_t:s0-s0:c0.c255
tcontext=user_u:system_r:ping_t:s0-s0:c0.c255 tclass=packet_socket
To work around this issue, i simply changed the context of hping2 to
sbin_t and it works fine.
The other option is to modify the ping_t domain to allow the creation of
packet socket.
audit2allow yields the following rule:
allow ping_t self:packet_socket create;
I'll leave the decision up to the package maintainer !
--
Charles-Edouard Ruault
GPG key Id E4D2B80C
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]