kernel_t and rawip

Christopher J. PeBenito cpebenito at tresys.com
Thu May 24 14:54:49 UTC 2007


On Wed, 2007-05-23 at 15:11 -0700, Ken wrote:
> I became interested in SELinux primarily to increase the level of 
> security I have when I am connected to the Internet, and until recently 
> I have not allowed kernel_t to send or receive rawip over the Internet. 
>   I have recently allowed this because I was having difficulty making an 
> online payment without this enabled.  Since enabling this, I have 
> wondered what the security implications of allowing kernel_t to send and 
> receive rawip on the Internet are;

Its normal behavior, the kernel needs the permission so can handle ICMP
traffic, e.g. ping replies, destination unreachable, etc.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150




More information about the fedora-selinux-list mailing list