[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: nsupdate and netlink_socket AVCs



Daniel J Walsh wrote:

Aleksey Nogin wrote:

On 11.03.2004 13:18, Daniel J Walsh wrote:

Is nsupdate a program to be run by an ordinary user?



Yes. But if I understand correctly, it only needs to communicate over UDP or TCP to a DNS server from an unprivileged port. I do not know why it wants netlink_sockets.


If yes we need to define a security context for nsupdate to allow it to access the netlink_sockets.



Are you sure? _Why_ does nsupdate need it? Is it not an nsupdate deficiency?

nsupdate does the following which looks suspicious.

   result = isc_net_probeipv4();
   if (result == ISC_R_SUCCESS)
       have_ipv4 = ISC_TRUE;

How does one use nsupdate?

I just ran it and it came back with a
>
prompt.

Dan


Probably. -- fedora-selinux-list mailing list fedora-selinux-list redhat com http://www.redhat.com/mailman/listinfo/fedora-selinux-list


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]