FC6T1 avc denied messages

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon Jun 26 00:17:27 UTC 2006


On Sun, 25 Jun 2006 13:19:58 CDT, Jay Cliburn said:
> I relabeled with:
> setfiles /etc/selinux/targeted/contexts/files/file_contexts /
> but the problem persists.

That's not the problem...  This is the SECMARK stuff for packet labelling.

> [root at gadwall etc]# grep "avc:  denied" /var/log/messages | more

> Jun 25 04:12:39 gadwall kernel: audit(1151226759.322:28): avc:  denied  { send } for  pid=4327 comm="local" saddr=127.0.0.1 src=32769 daddr=127.0.0.1 dest=512 netif=lo scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet

"Oh, bother", said Pooh, as he chambered another round... 

Not all the SECMARK stuff is in Rawhide yet, as far as I can tell.

http://people.redhat.com/jmorris/selinux/secmark/ has the secmark-2.0 tarball.
Note that parts of this have already made it upstream (for example, the patch
to serefpolicy is upstreamed already, and the kernel parts are in Linus's
tree already).  I did have to patch iptables though, and add a rc.d script
to set it up during boot...

I've appended a writeup James Morris did on Secmark 1.1, which gives some hints
of how to set it up.

Is all of this on track to be included in FC6?  And in particular, how
is the rc.d scripting planned to work?
-------------- next part --------------
An embedded message was scrubbed...
From: James Morris <jmorris at namei.org>
Subject: [RFC] SECMARK 1.1
Date: Sun, 14 May 2006 02:03:31 -0400 (EDT)
Size: 22181
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20060625/745ab978/attachment.eml>