policy problem with netlink sockets
Richard Hally
rhallyx at mindspring.com
Wed Jun 23 03:57:18 UTC 2004
Attached in the 'spew' file is the last 200 lines from doing a make
reload of the latest strict policy
(selinux-policy-strict-sources-1.13.7-1). Below are some of the avc
denied messages generated immediately after the newly made policy was
loaded. Does this need to be put into bugzilla?
Richard Hally
Jun 22 23:37:38 new2 kernel: audit(1087961858.402:0): avc: granted {
load_policy } for pid=13433 exe=/usr/sbin/load_policy
scontext=root:sysadm_r:load_policy_t
tcontext=system_u:object_r:security_t tclass=security
Jun 22 23:37:38 new2 kernel: security: 6 users, 7 roles, 1254 types, 1
bools
Jun 22 23:37:38 new2 kernel: security: 51 classes, 340144 rules
Jun 22 23:41:25 new2 kernel: audit(1087962085.540:0): avc: denied {
create } for pid=3051 exe=/usr/bin/gnome-session
scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t
tclass=netlink_route_socket
Jun 22 23:41:25 new2 kernel: audit(1087962085.540:0): avc: denied {
bind } for pid=3051 exe=/usr/bin/gnome-session
scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t
tclass=netlink_route_socket
Jun 22 23:41:25 new2 kernel: audit(1087962085.540:0): avc: denied {
getattr }
for pid=3051 exe=/usr/bin/gnome-session
scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t
tclass=netlink_route_socket
Jun 22 23:41:25 new2 kernel: audit(1087962085.540:0): avc: denied {
write } for pid=3051 exe=/usr/bin/gnome-session
scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t
tclass=netlink_route_socket
Jun 22 23:41:25 new2 kernel: audit(1087962085.540:0): avc: denied {
nlmsg_read } for pid=3051 exe=/usr/bin/gnome-session
scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t
tclass=netlink_route_socket
Jun 22 23:41:25 new2 kernel: audit(1087962085.540:0): avc: denied {
read } for pid=3051 exe=/usr/bin/gnome-session
scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t
tclass=netlink_route_socket
:
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: spew
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20040622/5803ad0e/attachment.ksh>
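The following is an added example, not part of the original message or of the SELinux tools: a small Python triage script that un-wraps AVC records like the ones quoted above and groups the denied permissions by source type, target type and class, so a report can state the full permission set in one line. The sample input is constructed from three of the records above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: three records in the shape of the log above, with the
# mail client's line wrapping left in place.
SAMPLE = """\
Jun 22 23:37:38 new2 kernel: audit(1087961858.402:0): avc: granted {
load_policy } for pid=13433 exe=/usr/sbin/load_policy
scontext=root:sysadm_r:load_policy_t
tcontext=system_u:object_r:security_t tclass=security
Jun 22 23:41:25 new2 kernel: audit(1087962085.540:0): avc: denied {
create } for pid=3051 exe=/usr/bin/gnome-session
scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t
tclass=netlink_route_socket
Jun 22 23:41:25 new2 kernel: audit(1087962085.540:0): avc: denied {
nlmsg_read } for pid=3051 exe=/usr/bin/gnome-session
scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t
tclass=netlink_route_socket
"""

AVC = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+"
    r".*?scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)")

def summarize_denials(text):
    """Group denied permissions by (source type, target type, class)."""
    flat = " ".join(text.split())  # undo wrapping so each record is contiguous
    groups = defaultdict(set)
    for m in AVC.finditer(flat):
        if m["result"] != "denied":
            continue  # granted records (e.g. load_policy) are not denials
        stype = m["s"].split(":")[2]  # context is user:role:type
        ttype = m["t"].split(":")[2]
        groups[(stype, ttype, m["cls"])].update(m["perms"].split())
    return dict(groups)

def as_rules(groups):
    """Render each group in policy 'allow' syntax for review, not for loading."""
    rules = []
    for (s, t, cls), perms in sorted(groups.items()):
        target = "self" if s == t else t  # same source and target type
        rules.append(f"allow {s} {target}:{cls} {{ {' '.join(sorted(perms))} }};")
    return rules

if __name__ == "__main__":
    print("\n".join(as_rules(summarize_denials(SAMPLE))))
```

The output is a summary of what was denied; whether `staff_t` should hold those permissions is a policy decision for the maintainers.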