"getcap" AVCs ....
Daniel J Walsh
dwalsh at redhat.com
Thu Feb 21 16:26:26 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tom London wrote:
> Running selinux-policy-targeted-3.2.9-1.fc9.noarch
>
> type=AVC msg=audit(1203608392.877:5): avc: denied { getcap } for
> pid=2231 comm="dbus-daemon"
> scontext=system_u:system_r:system_dbusd_t:s0
> tcontext=system_u:system_r:system_dbusd_t:s0 tclass=process
> type=SYSCALL msg=audit(1203608392.877:5): arch=40000003 syscall=184
> success=no exit=-14 a0=b93db7f4 a1=0 a2=1a20f0 a3=b93db7f0 items=0
> ppid=1 pid=2231 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dbus-daemon"
> exe="/bin/dbus-daemon" subj=system_u:system_r:system_dbusd_t:s0
> key=(null)
>
> and
>
> type=AVC msg=audit(1203608414.575:14): avc: denied { getcap } for
> pid=2295 comm="ntpd" scontext=system_u:system_r:ntpd_t:s0
> tcontext=system_u:system_r:ntpd_t:s0 tclass=process
> type=SYSCALL msg=audit(1203608414.575:14): arch=40000003 syscall=184
> success=no exit=-14 a0=b8ab14cc a1=0 a2=2ad0f0 a3=b8ab14c8 items=0
> ppid=1 pid=2295 auid=4294967295 uid=38 gid=38 euid=38 suid=38 fsuid=38
> egid=38 sgid=38 fsgid=38 tty=(none) ses=4294967295 comm="ntpd"
> exe="/usr/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null)
>
> tom
I wonder if everyone that now calls setcap now needs getcap?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAke9pjEACgkQrlYvE4MpobNruACgqwsyCF16Um2Olk175kVgev8L
jJAAniSkw7os9Z6U34deIhk9rvCeF5N2
=fpr3
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list