[policy-1.8-19] Reading the hostname AVCs

Aleksey Nogin aleksey at nogin.org
Fri Mar 19 08:57:04 UTC 2004


When running hostname (or hostname -s) to _get_ (not set) the hostname 
as a "staff" user - under sysadm_r:

audit(1079685457.360:0): avc:  denied  { read } for  pid=9499 
exe=/bin/hostname name=resolv.conf dev=hda2 ino=229950 
scontext=aleksey:sysadm_r:hostname_t 
tcontext=system_u:object_r:net_conf_t tclass=file
audit(1079685457.361:0): avc:  denied  { getattr } for  pid=9499 
exe=/bin/hostname path=/etc/resolv.conf dev=hda2 ino=229950 
scontext=aleksey:sysadm_r:hostname_t 
tcontext=system_u:object_r:net_conf_t tclass=file
audit(1079685457.361:0): avc:  denied  { create } for  pid=9499 
exe=/bin/hostname scontext=aleksey:sysadm_r:hostname_t 
tcontext=aleksey:sysadm_r:hostname_t tclass=unix_stream_socket
audit(1079685457.361:0): avc:  denied  { connect } for  pid=9499 
exe=/bin/hostname scontext=aleksey:sysadm_r:hostname_t 
tcontext=aleksey:sysadm_r:hostname_t tclass=unix_stream_socket

The socket ones are coming from, I believe, trying to access 
/var/run/nscd/socket that does not exist (nscd was never used on this 
machine).

-- 
Aleksey Nogin

Home Page: http://nogin.org/
E-Mail: nogin at cs.caltech.edu (office), aleksey at nogin.org (personal)
Office: Jorgensen 70, tel: (626) 395-2907
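
The four denials in the message above can be condensed into one line per (source type, target type, object class). The following is an added example, not part of the original message or of any SELinux tool; the function names are hypothetical, and the sample input is the message's own log text with the mail line wraps joined.

```python
import re
from collections import defaultdict

# The four AVC records from the message, each rejoined onto a single line.
SAMPLE = """\
audit(1079685457.360:0): avc:  denied  { read } for  pid=9499 exe=/bin/hostname name=resolv.conf dev=hda2 ino=229950 scontext=aleksey:sysadm_r:hostname_t tcontext=system_u:object_r:net_conf_t tclass=file
audit(1079685457.361:0): avc:  denied  { getattr } for  pid=9499 exe=/bin/hostname path=/etc/resolv.conf dev=hda2 ino=229950 scontext=aleksey:sysadm_r:hostname_t tcontext=system_u:object_r:net_conf_t tclass=file
audit(1079685457.361:0): avc:  denied  { create } for  pid=9499 exe=/bin/hostname scontext=aleksey:sysadm_r:hostname_t tcontext=aleksey:sysadm_r:hostname_t tclass=unix_stream_socket
audit(1079685457.361:0): avc:  denied  { connect } for  pid=9499 exe=/bin/hostname scontext=aleksey:sysadm_r:hostname_t tcontext=aleksey:sysadm_r:hostname_t tclass=unix_stream_socket
"""

# "avc:  denied  { perm ... } for  key=value key=value ..."
AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")

def parse_avc(line):
    """Return one AVC record as a dict, or None if the line is not an AVC message."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
    return {"result": m.group(1), "perms": m.group(2).split(), **fields}

def context_type(ctx):
    """Contexts are user:role:type (optionally followed by a level); return the type."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else None

def summarize(log):
    """Group denied permissions by (source type, target type, object class)."""
    summary = defaultdict(set)
    for line in log.splitlines():
        rec = parse_avc(line)
        if rec is None or rec["result"] != "denied":
            continue
        src = context_type(rec.get("scontext", ""))
        tgt = context_type(rec.get("tcontext", ""))
        if src is None or tgt is None or "tclass" not in rec:
            continue  # malformed or truncated record; skip rather than guess
        summary[(src, tgt, rec["tclass"])].update(rec["perms"])
    return {key: sorted(perms) for key, perms in summary.items()}

if __name__ == "__main__":
    for (src, tgt, cls), perms in summarize(SAMPLE).items():
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
```
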


