nsupdate and netlink_socket AVCs
Daniel J Walsh
dwalsh at redhat.com
Tue Apr 6 19:07:21 UTC 2004
Daniel J Walsh wrote:
> Aleksey Nogin wrote:
>
>> On 11.03.2004 13:18, Daniel J Walsh wrote:
>>
>>> Is nsupdate a program to be run by an ordinary user?
>>
>> Yes. But if I understand correctly, it only needs to communicate over
>> UDP or TCP to a DNS server from an unprivileged port. I do not know
>> why it wants netlink_sockets.
>>
>>> If yes we need to define a security context for nsupdate to allow it
>>> to access the netlink_sockets.
>>
>> Are you sure? _Why_ does nsupdate need it? Is it not an nsupdate
>> deficiency?
>
nsupdate does the following, which looks suspicious:

    result = isc_net_probeipv4();
    if (result == ISC_R_SUCCESS)
            have_ipv4 = ISC_TRUE;

How does one use nsupdate?
I just ran it and it came back with a > prompt.
Dan
>
> Probably.