avc: denied { something }
Russell Coker
russell at coker.com.au
Sat Apr 10 14:20:27 UTC 2004
On Fri, 9 Apr 2004 22:02, Christian Schlaefcke <cschlaefcke at wms-network.de>
wrote:
> Apr 9 13:59:06 my_server kernel: audit(1081511946.904:0): avc: denied
> { search } for pid=3178 exe=/sbin/ifconfig name=net dev= ino=4198
> scontext=system_u:system_r:kernel_t
> tcontext=system_u:object_r:sysctl_net_t tclass=dir
Do you know what the parent process is? If you are in enforcing mode then
there should be an application message in the syslog about ifconfig returning
an error code which should give an indication of the parent process.
ifconfig is not supposed to run in the kernel_t domain.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the test
mailing list