a few more problems with the latest policy

Farkas Levente lfarkas at bppiac.hu
Fri Jul 15 10:46:46 UTC 2005


hi,
a few problems with the latest policy file.
------------------------------------------
# audit2allow -i /var/log/messages -l
allow apmd_t proc_t:file ioctl;
allow dhcpc_t etc_t:file { unlink write };
allow ifconfig_t initrc_t:udp_socket { read write };
------------------------------------------
and here is the relevant part of the log file
------------------------------------------
audit(1121423510.841:2): avc:  denied  { read write } for  pid=2215 
comm="ip" name="[6542]" dev=sockfs ino=6542 
scontext=system_u:system_r:ifconfig_t 
tcontext=system_u:system_r:initrc_t tclass=udp_socket
audit(1121423510.846:3): avc:  denied  { read write } for  pid=2218 
comm="ip" name="[6542]" dev=sockfs ino=6542 
scontext=system_u:system_r:ifconfig_t 
tcontext=system_u:system_r:initrc_t tclass=udp_socket
audit(1121423655.473:4): avc:  denied  { write } for  pid=2888 comm="cp" 
name="resolv.conf.predhclient" dev=hda2 ino=3997781 
scontext=root:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file
audit(1121423655.473:5): avc:  denied  { unlink } for  pid=2888 
comm="cp" name="resolv.conf.predhclient" dev=hda2 ino=3997781 
scontext=root:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file
audit(1121423736.907:6): avc:  denied  { ioctl } for  pid=2982 
comm="awk" name="state" dev=proc ino=-268434831 
scontext=system_u:system_r:apmd_t tcontext=system_u:object_r:proc_t 
tclass=file
------------------------------------------
yours.

-- 
   Levente                               "Si vis pacem para bellum!"



