[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: [Fwd: Re: Access attempts]
- From: Stephen Smalley <sds tycho nsa gov>
- To: Steve G <linux_4ever yahoo com>
- Cc: fedora-selinux-list redhat com
- Subject: Re: [Fwd: Re: Access attempts]
- Date: Wed, 24 Jan 2007 07:49:56 -0500
On Tue, 2007-01-23 at 14:08 -0800, Steve G wrote:
> >No, the avc message is just misleading. The pid/comm information for
> >network layer permission checks is unreliable because the packet
> >send/recv isn't necessarily happening in the context of the process that
> >initiated the send or that will handle the recv.
>
> Seems like this should be fixed. Everything in the audit message needs to be
> accurate. I think a bug should be filed against the kernel for this.
Ok, feel free. Requires the network permission checks (in sock_rcv_skb
and ip_postroute_last) to pass some kind of flag (e.g. via a new field
in the avc_audit_data struct) to the avc to indicate that it shouldn't
try to log the pid/comm information for current.
--
Stephen Smalley
National Security Agency
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]