avc: denied { something }

Russell Coker russell at coker.com.au
Sat Apr 10 14:20:27 UTC 2004


On Fri, 9 Apr 2004 22:02, Christian Schlaefcke <cschlaefcke at wms-network.de> 
wrote:
> Apr  9 13:59:06 my_server kernel: audit(1081511946.904:0): avc:  denied
> { search } for  pid=3178 exe=/sbin/ifconfig name=net dev= ino=4198
> scontext=system_u:system_r:kernel_t
> tcontext=system_u:object_r:sysctl_net_t tclass=dir

Do you know what the parent process is?  If you are in enforcing mode then 
there should be an application message in the syslog about ifconfig returning 
an error code which should give an indication of the parent process.

ifconfig is not supposed to run in the kernel_t domain.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page





More information about the fedora-test-list mailing list