If I attempt to use nsupdate from under an ordinary user (which
shouldn't be a problem, should it?), then I see
audit(1079022100.499:0): avc: denied { bind } for pid=18759
exe=/usr/bin/nsupdate scontext=user_u:user_r:user_t
tcontext=user_u:user_r:user_t tclass=netlink_socket
audit(1079022100.499:0): avc: denied { getattr } for pid=18759
exe=/usr/bin/nsupdate scontext=user_u:user_r:user_t
tcontext=user_u:user_r:user_t tclass=netlink_socket
audit(1079022100.499:0): avc: denied { write } for pid=18759
exe=/usr/bin/nsupdate scontext=user_u:user_r:user_t
tcontext=user_u:user_r:user_t tclass=netlink_socket
audit(1079022100.500:0): avc: denied { read } for pid=18759
exe=/usr/bin/nsupdate scontext=user_u:user_r:user_t
tcontext=user_u:user_r:user_t tclass=netlink_socket
Not sure what this is all about.
--
Aleksey Nogin
Home Page:
http://nogin.org/
E-Mail: nogin(a)cs.caltech.edu (office), aleksey(a)nogin.org (personal)
Office: Jorgensen 70, tel: (626) 395-2907