[policy-1.8-22] Bringing a device via hotplug AVCs

Daniel J Walsh dwalsh at redhat.com
Fri Mar 19 12:46:55 UTC 2004


Aleksey Nogin wrote:

> The list is now much smaller than it used to be. I see:
>
> audit(1079689114.447:0): avc:  denied  { read } for  pid=1615 
> exe=/sbin/route name=resolv.conf dev=hda2 ino=229950 
> scontext=system_u:system_r:hotplug_t 
> tcontext=system_u:object_r:net_conf_t tclass=file
> audit(1079689114.448:0): avc:  denied  { getattr } for  pid=1615 
> exe=/sbin/route path=/etc/resolv.conf dev=hda2 ino=229950 
> scontext=system_u:system_r:hotplug_t 
> tcontext=system_u:object_r:net_conf_t tclass=file
> audit(1079689115.057:0): avc:  denied  { udp_recv } for 
> saddr=131.215.9.49 src=53 daddr=192.168.1.100 dest=32771 netif=wvlan0 
> scontext=system_u:system_r:hotplug_t 
> tcontext=system_u:object_r:netif_t tclass=netif
> audit(1079689115.057:0): avc:  denied  { udp_recv } for 
> saddr=131.215.9.49 src=53 daddr=192.168.1.100 dest=32771 netif=wvlan0 
> scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:node_t 
> tclass=node
> audit(1079689115.057:0): avc:  denied  { recv_msg } for 
> saddr=131.215.9.49 src=53 daddr=192.168.1.100 dest=32771 netif=wvlan0 
> scontext=system_u:system_r:hotplug_t 
> tcontext=system_u:object_r:dns_port_t tclass=udp_socket

Updated policy to handle all your avc messages, not sure what to do with 
the last ones though.
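
Added example, not part of the original message and not the policy change referred to above: a small Python triage script that strips the ">" quoting, rejoins mail-wrapped AVC records, and groups the denials by source type, target type and object class. The function names are illustrative, and the allow-style lines it prints are a review summary in the style of audit2allow output, not a recommended policy.

```python
import re
from collections import defaultdict

# The five denials quoted in the message, still ">"-quoted; re-wrapped to two
# lines per record here to keep the listing short (values copied from the page).
QUOTED = """\
> audit(1079689114.447:0): avc:  denied  { read } for  pid=1615 exe=/sbin/route name=resolv.conf dev=hda2 ino=229950
> scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:net_conf_t tclass=file
> audit(1079689114.448:0): avc:  denied  { getattr } for  pid=1615 exe=/sbin/route path=/etc/resolv.conf dev=hda2 ino=229950
> scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:net_conf_t tclass=file
> audit(1079689115.057:0): avc:  denied  { udp_recv } for saddr=131.215.9.49 src=53 daddr=192.168.1.100 dest=32771 netif=wvlan0
> scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:netif_t tclass=netif
> audit(1079689115.057:0): avc:  denied  { udp_recv } for saddr=131.215.9.49 src=53 daddr=192.168.1.100 dest=32771 netif=wvlan0
> scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:node_t tclass=node
> audit(1079689115.057:0): avc:  denied  { recv_msg } for saddr=131.215.9.49 src=53 daddr=192.168.1.100 dest=32771 netif=wvlan0
> scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:dns_port_t tclass=udp_socket
"""

REC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}.*?"
                 r"scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")

def unwrap(text):
    """Strip '>' quote markers and rejoin records split by the mail client."""
    flat = " ".join(re.sub(r"^[>\s]+", "", ln) for ln in text.splitlines())
    return [r for r in re.split(r"(?=audit\()", flat) if r.strip()]

def summarize(text):
    """Map (source type, target type, class) -> set of denied permissions."""
    rules = defaultdict(set)
    for rec in unwrap(text):
        m = REC.search(rec)
        if m:
            perms, scon, tcon, tclass = m.groups()
            # Third field of user:role:type is the type the policy rules use.
            key = (scon.split(":")[2], tcon.split(":")[2], tclass)
            rules[key].update(perms.split())
    return dict(rules)

def te_lines(rules):
    """Render the summary as audit2allow-style rule text for human review."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(rules.items())]

if __name__ == "__main__":
    print("\n".join(te_lines(summarize(QUOTED))))
```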


