nsupdate and netlink_socket AVCs
Aleksey Nogin
aleksey at nogin.org
Fri Mar 12 03:26:20 UTC 2004
On 11.03.2004 13:18, Daniel J Walsh wrote:
> Is nsupdate a program to be run by an ordinary user?
Yes. But if I understand correctly, it only needs to communicate over
UDP or TCP to a DNS server from an unprivileged port. I do not know why
it wants netlink_sockets.
> If yes we need to
> define a security context for nsupdate to allow it to access the
> netlink_sockets.
Are you sure? _Why_ does nsupdate need it? Is it not an nsupdate deficiency?
--
Aleksey Nogin
Home Page: http://nogin.org/
E-Mail: nogin at cs.caltech.edu (office), aleksey at nogin.org (personal)
Office: Jorgensen 70, tel: (626) 395-2907
More information about the fedora-selinux-list
mailing list