avc denied from mDNSResponder
Gary Peck
gbpeck at sbcglobal.net
Mon Jul 12 19:52:19 UTC 2004
On Mon, Jul 12, 2004 at 01:16:16PM -0400, Daniel J Walsh wrote:
> Richard Hally wrote:
>
> >When booting in enforcing mode with the latest strict
> >policy(selinux-policy-strict-sources-1.14.1-5)
> >the following avc denied message is produced.
> >
> >Jul 10 03:12:02 new2 network: Bringing up interface eth0: succeeded
> >Jul 10 03:12:04 new2 kernel: audit(1089443524.677:0): avc: denied {
> >name_bind } for pid=2016 exe=/usr/bin/mDNSResponder
> >scontext=user_u:user_r:user_t tcontext=system_u:object_r:dns_port_t
> >tclass=udp_socket
> >
> mDNSResponder is not something we ship, (I think). So you need to write
> special policy for it or allow user_t to bind to the dns_port.
As someone else mentioned, it is being shipped in the latest Rawhide.
Package is howl-0.9.5-4: Howl is a cross-platform port of Apple's
"Rendezvous" (multicast DNS) service discovery and IP autoconfiguration.
gary
More information about the selinux
mailing list