FC6T1 avc denied messages
Jay Cliburn
jacliburn at bellsouth.net
Tue Jun 27 02:00:37 UTC 2006

On Mon, 2006-06-26 at 11:34 -0400, Stephen Smalley wrote:
> On Sun, 2006-06-25 at 13:19 -0500, Jay Cliburn wrote:
> > I installed FC6T1 in the last day or two, and I'm seeing lots of
> > avc:denied messages when something tries to access the network. The
> > common thread seems to be netif. SELinux is enforcing.
> >
> > I relabeled with:
> > setfiles /etc/selinux/targeted/contexts/files/file_contexts /
> > but the problem persists.
> >
> > [root@gadwall etc]# grep "avc: denied" /var/log/messages | more
> > Jun 25 04:12:39 gadwall kernel: audit(1151226759.322:28): avc: denied { send } for pid=4327 comm="local" saddr=127.0.0.1 src=32769 daddr=127.0.0.1 dest=512 netif=lo scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
> <snip>
>
> What policy do you have? rpm -q selinux-policy
> Latest policy should include those permissions.
>
[jcliburn@gadwall ~]$ uname -r
2.6.17-1.2307_FC6
[jcliburn@gadwall ~]$ rpm -q selinux-policy-targeted
selinux-policy-targeted-2.3.1-1

For now, I've fallen back to Permissive mode so SMTP traffic and
process-based DNS lookups work (e.g., cupsd); they won't work in
Enforcing mode.
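
Added example, not part of the original message: a small Python parser for `avc: denied` lines in the format quoted above, tallying denials by source type, target type, class and permission so the common thread across many messages is visible at a glance. The function names and the second and third sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the first line mirrors the one quoted in the message,
# the other two are invented for illustration.
SAMPLE_LOG = """\
Jun 25 04:12:39 gadwall kernel: audit(1151226759.322:28): avc: denied { send } for pid=4327 comm="local" saddr=127.0.0.1 src=32769 daddr=127.0.0.1 dest=512 netif=lo scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
Jun 25 04:12:40 gadwall kernel: audit(1151226760.101:29): avc: denied { send recv } for pid=2210 comm="cupsd" saddr=192.0.2.10 src=32770 daddr=192.0.2.1 dest=53 netif=eth0 scontext=system_u:system_r:cupsd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
Jun 25 04:12:41 gadwall kernel: eth0: link up
"""

AVC_RE = re.compile(
    r"audit\((?P<time>\d+\.\d+):(?P<serial>\d+)\): avc:\s+denied\s+"
    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":", 3)  # the level itself may contain colons
    return parts[2] if len(parts) >= 3 else context

def parse_avc(line):
    """Parse one syslog line; return a dict for an AVC denial, else None."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    rec["serial"] = int(m.group("serial"))
    rec["perms"] = m.group("perms").split()
    rec["source_type"] = selinux_type(rec.get("scontext", ""))
    rec["target_type"] = selinux_type(rec.get("tcontext", ""))
    return rec

def summarize(text):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for rec in filter(None, map(parse_avc, text.splitlines())):
        for perm in rec["perms"]:
            key = (rec["source_type"], rec["target_type"], rec.get("tclass"), perm)
            counts[key] += 1
    return counts

if __name__ == "__main__":
    for (src, tgt, cls, perm), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:3d}  {src} -> {tgt}:{cls} {{ {perm} }}")
```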