[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Stuff I found in my log?

From: Stephen Smalley <sds tycho nsa gov>
To: Daniel J Walsh <dwalsh redhat com>
Cc: fedora-selinux-list redhat com
Subject: Re: Stuff I found in my log?
Date: Wed, 24 May 2006 09:53:34 -0400

On Wed, 2006-05-24 at 09:33 -0400, Daniel J Walsh wrote:
> > I get these too. I asked about it yesterday but no response yet. Looking
> > at the policy for other packages, and bearing in mind that webalizer
> > still seems to work despite the denials, I suspect that these can be
> > dontaudit-ed, but I'd like to know what they are first.
> >   
> This means webalizer is trying to look at the routing table.  Not sure 
> whether it matters whether it can or can not.  Not that
> valuable of information so I will probably allow.

It is a common access attempt due to library probing.  We commonly
dontaudit it, but you could allow the read-only form (i.e. create read
write nlmsg_read) to get routing information without being able to
modify it (which requires nlmsg_write).  Note the distinction:  read and
write permission means the ability to communicate with the kernel over
the socket which is required for any kind of operation, whereas
nlmsg_read and nlmsg_write correspond to the actual reading and writing
of the routing table info (or other netlink-provided data).

-- 
Stephen Smalley
National Security Agency

Follow-Ups:
- Re: Stuff I found in my log?
  - From: Paul Howarth

References:
- Stuff I found in my log?
  - From: Knute Johnson
- Re: Stuff I found in my log?
  - From: Paul Howarth
- Re: Stuff I found in my log?
  - From: Daniel J Walsh

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]