avc denied from mDNSResponder

Gary Peck gbpeck at sbcglobal.net
Mon Jul 12 19:52:19 UTC 2004


On Mon, Jul 12, 2004 at 01:16:16PM -0400, Daniel J Walsh wrote:
> Richard Hally wrote:
> 
> >When booting in enforcing mode with the latest strict 
> >policy(selinux-policy-strict-sources-1.14.1-5)
> >the following avc denied message is produced.
> >
> >Jul 10 03:12:02 new2 network: Bringing up interface eth0:  succeeded
> >Jul 10 03:12:04 new2 kernel: audit(1089443524.677:0): avc:  denied  { 
> >name_bind } for  pid=2016 exe=/usr/bin/mDNSResponder 
> >scontext=user_u:user_r:user_t tcontext=system_u:object_r:dns_port_t 
> >tclass=udp_socket
> >
> mDNSResponder is not something we ship, (I think).  So you need to write 
> special policy for it or allow user_t to bind to the dns_port.

As someone else mentioned, it is being shipped in the latest Rawhide.
Package is howl-0.9.5-4: Howl is a cross-platform port of Apple's
"Rendezvous" (multicast DNS) service discovery and IP autoconfiguration.

gary




More information about the selinux mailing list