<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div>Hello,</div><div><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">I'm implementing a custom policy based on ref policy for RHEL 6.3. I'm receiving the AVC below when the system boots. Should I allow this? I was able to find this related posting (https://bugzilla.redhat.com/show_bug.cgi?id=431562) but it was for an old version of iptables. Maybe ebtables has the same type of bug?<br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">type=PATH
msg=audit(07/12/2013 13:15:40.172:185) : item=1 name=(null) inode=4912 dev=08:02 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:ld_so_t:s0 <br>type=PATH msg=audit(07/12/2013 13:15:40.172:185) : item=0 name=/sbin/modprobe inode=12835 dev=08:02 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:insmod_exec_t:s0 <br>type=CWD msg=audit(07/12/2013 13:15:40.172:185) : cwd=/ <br>type=EXECVE msg=audit(07/12/2013 13:15:40.172:185) : argc=2 a0=/sbin/modprobe a1=ebtables <br>type=SYSCALL msg=audit(07/12/2013 13:15:40.172:185) : arch=x86_64 syscall=execve success=yes exit=0 a0=1078740 a1=7fffb5126460 a2=7fffb51266b0 a3=7fffb51261e0 items=2 ppid=2109 pid=2110 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=modprobe exe=/sbin/modprobe subj=system_u:system_r:insmod_t:s0-s0:c0.c1023 key=modules <br>type=AVC msg=audit(07/12/2013 13:15:40.172:185) : avc:
denied { read write } for pid=2110 comm=modprobe path=socket:[16196] dev=sockfs ino=16196 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:system_r:iptables_t:s0-s0:c0.c1023 tclass=rawip_socket </div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">Thanks,</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">Andy Ruch<br></div></div></body></html>