avc denied from mDNSResponder
Daniel J Walsh
dwalsh at redhat.com
Mon Jul 12 17:16:16 UTC 2004
Richard Hally wrote:
> When booting in enforcing mode with the latest strict
> policy(selinux-policy-strict-sources-1.14.1-5)
> the following avc denied message is produced.
>
> Jul 10 03:12:02 new2 network: Bringing up interface eth0: succeeded
> Jul 10 03:12:04 new2 kernel: audit(1089443524.677:0): avc: denied {
> name_bind
> } for pid=2016 exe=/usr/bin/mDNSResponder
> scontext=user_u:user_r:user_t tcontext=system_u:object_r:dns_port_t
> tclass=udp_socket
>
mDNSResponder is not something we ship, (I think). So you need to write
special policy for it or allow user_t to bind to the dns_port.
>
> HTH
> Richard Hally
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
More information about the selinux
mailing list