nsupdate and netlink_socket AVCs
Aleksey Nogin
aleksey at nogin.org
Thu Mar 11 16:36:27 UTC 2004
If I attempt to use nsupdate from under an ordinary user (which
shouldn't be a problem, should it?), then I see
audit(1079022100.499:0): avc: denied { bind } for pid=18759
exe=/usr/bin/nsupdate scontext=user_u:user_r:user_t
tcontext=user_u:user_r:user_t tclass=netlink_socket
audit(1079022100.499:0): avc: denied { getattr } for pid=18759
exe=/usr/bin/nsupdate scontext=user_u:user_r:user_t
tcontext=user_u:user_r:user_t tclass=netlink_socket
audit(1079022100.499:0): avc: denied { write } for pid=18759
exe=/usr/bin/nsupdate scontext=user_u:user_r:user_t
tcontext=user_u:user_r:user_t tclass=netlink_socket
audit(1079022100.500:0): avc: denied { read } for pid=18759
exe=/usr/bin/nsupdate scontext=user_u:user_r:user_t
tcontext=user_u:user_r:user_t tclass=netlink_socket
Not sure what this is all about.
--
Aleksey Nogin
Home Page: http://nogin.org/
E-Mail: nogin at cs.caltech.edu (office), aleksey at nogin.org (personal)
Office: Jorgensen 70, tel: (626) 395-2907
More information about the fedora-selinux-list
mailing list