nsupdate and netlink_socket AVCs
James Morris
jmorris at redhat.com
Thu Mar 11 21:51:43 UTC 2004
On Thu, 11 Mar 2004, Daniel J Walsh wrote:
> Aleksey Nogin wrote:
> Is nsupdate a program to be run by an ordinary user?
> If yes we need to define a security context for nsupdate to allow it to
> access the netlink_sockets.
>
> If we allow users access that any rogue app the user runs could access
> the network devices.
>
Btw, longer term, we will be implementing finer grained Netlink controls,
so policy will be able to e.g. query the routing table but not update it.
- James
--
James Morris
<jmorris at redhat.com>
More information about the fedora-selinux-list
mailing list