policy problem with netlink sockets

Richard Hally rhallyx at mindspring.com
Wed Jun 23 03:57:18 UTC 2004


Attached in the 'spew' file are the last 200 lines from doing a make
reload of the latest strict policy
(selinux-policy-strict-sources-1.13.7-1). Below are some of the avc
denied messages generated immediately after the newly made policy was
loaded. Does this need to be put into bugzilla?
Richard Hally

Jun 22 23:37:38 new2 kernel: audit(1087961858.402:0): avc:  granted  { load_policy } for  pid=13433 exe=/usr/sbin/load_policy scontext=root:sysadm_r:load_policy_t tcontext=system_u:object_r:security_t tclass=security
Jun 22 23:37:38 new2 kernel: security:  6 users, 7 roles, 1254 types, 1 bools
Jun 22 23:37:38 new2 kernel: security:  51 classes, 340144 rules
Jun 22 23:41:25 new2 kernel: audit(1087962085.540:0): avc:  denied  { create } for  pid=3051 exe=/usr/bin/gnome-session scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t tclass=netlink_route_socket
Jun 22 23:41:25 new2 kernel: audit(1087962085.540:0): avc:  denied  { bind } for  pid=3051 exe=/usr/bin/gnome-session scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t tclass=netlink_route_socket
Jun 22 23:41:25 new2 kernel: audit(1087962085.540:0): avc:  denied  { getattr } for  pid=3051 exe=/usr/bin/gnome-session scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t tclass=netlink_route_socket
Jun 22 23:41:25 new2 kernel: audit(1087962085.540:0): avc:  denied  { write } for  pid=3051 exe=/usr/bin/gnome-session scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t tclass=netlink_route_socket
Jun 22 23:41:25 new2 kernel: audit(1087962085.540:0): avc:  denied  { nlmsg_read } for  pid=3051 exe=/usr/bin/gnome-session scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t tclass=netlink_route_socket
Jun 22 23:41:25 new2 kernel: audit(1087962085.540:0): avc:  denied  { read } for  pid=3051 exe=/usr/bin/gnome-session scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t tclass=netlink_route_socket
:

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: spew
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20040622/5803ad0e/attachment.ksh>
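
The AVC records quoted in the message above can be reduced mechanically to the access being denied. The following is an added example, not part of the original message or of the SELinux tools: it parses AVC records (including ones wrapped across lines by a mail client) and merges the denied permissions into candidate rule text in policy syntax. The names parse_avc and candidate_rules are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Records copied from the message above. The last one keeps mail-style
# line wrapping to show that wrapped records still parse.
SAMPLE = """\
Jun 22 23:37:38 new2 kernel: audit(1087961858.402:0): avc:  granted  { load_policy } for  pid=13433 exe=/usr/sbin/load_policy scontext=root:sysadm_r:load_policy_t tcontext=system_u:object_r:security_t tclass=security
Jun 22 23:41:25 new2 kernel: audit(1087962085.540:0): avc:  denied  { create } for  pid=3051 exe=/usr/bin/gnome-session scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t tclass=netlink_route_socket
Jun 22 23:41:25 new2 kernel: audit(1087962085.540:0): avc:  denied  {
nlmsg_read } for  pid=3051 exe=/usr/bin/gnome-session
scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t
tclass=netlink_route_socket
"""

# \s+ and DOTALL let a single record span several wrapped lines.
AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+"
    r"(?P<fields>.*?tclass=\S+)", re.DOTALL)

def parse_avc(text):
    """Yield one dict per AVC record found in text."""
    for m in AVC_RE.finditer(text):
        fields = dict(re.findall(r"(\w+)=(\S+)", m.group("fields")))
        yield {
            "result": m.group("result"),
            "perms": m.group("perms").split(),
            # A security context is user:role:type; field 2 is the type.
            "source": fields["scontext"].split(":")[2],
            "target": fields["tcontext"].split(":")[2],
            "tclass": fields["tclass"],
        }

def candidate_rules(text):
    """Merge denied permissions per (source, target, class) into rule text."""
    grouped = defaultdict(set)
    for rec in parse_avc(text):
        if rec["result"] == "denied":  # granted records need no rule
            key = (rec["source"], rec["target"], rec["tclass"])
            grouped[key].update(rec["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        target = "self" if src == tgt else tgt  # keyword for source == target
        rules.append(f"allow {src} {target}:{cls} {{ {' '.join(sorted(perms))} }};")
    return rules

if __name__ == "__main__":
    print("\n".join(candidate_rules(SAMPLE)))
```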

