[Fwd: Re: Access attempts]
Stephen Smalley
sds at tycho.nsa.gov
Wed Jan 24 12:49:56 UTC 2007
On Tue, 2007-01-23 at 14:08 -0800, Steve G wrote:
> >No, the avc message is just misleading. The pid/comm information for
> >network layer permission checks is unreliable because the packet
> >send/recv isn't necessarily happening in the context of the process that
> >initiated the send or that will handle the recv.
>
> Seems like this should be fixed. Everything in the audit message needs to be
> accurate. I think a bug should be filed against the kernel for this.
Ok, feel free. Requires the network permission checks (in sock_rcv_skb
and ip_postroute_last) to pass some kind of flag (e.g. via a new field
in the avc_audit_data struct) to the avc to indicate that it shouldn't
try to log the pid/comm information for current.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list