a few more problems with the latest policy
Daniel J Walsh
dwalsh at redhat.com
Fri Jul 15 12:37:00 UTC 2005
Farkas Levente wrote:
> hi,
> a few problems with the latest policy file.
> ------------------------------------------
> # audit2allow -i /var/log/messages -l
> allow apmd_t proc_t:file ioctl;
Added,
> allow dhcpc_t etc_t:file { unlink write };
restorecon /etc/resolv.conf*
> allow ifconfig_t initrc_t:udp_socket { read write };
No idea what is causing this.
>
> ------------------------------------------
> and here is the relevant part of the log file
> ------------------------------------------
> audit(1121423510.841:2): avc: denied { read write } for pid=2215
> comm="ip" name="[6542]" dev=sockfs ino=6542
> scontext=system_u:system_r:ifconfig_t
> tcontext=system_u:system_r:initrc_t tclass=udp_socket
> audit(1121423510.846:3): avc: denied { read write } for pid=2218
> comm="ip" name="[6542]" dev=sockfs ino=6542
> scontext=system_u:system_r:ifconfig_t
> tcontext=system_u:system_r:initrc_t tclass=udp_socket
> audit(1121423655.473:4): avc: denied { write } for pid=2888
> comm="cp" name="resolv.conf.predhclient" dev=hda2 ino=3997781
> scontext=root:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file
> audit(1121423655.473:5): avc: denied { unlink } for pid=2888
> comm="cp" name="resolv.conf.predhclient" dev=hda2 ino=3997781
> scontext=root:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file
> audit(1121423736.907:6): avc: denied { ioctl } for pid=2982
> comm="awk" name="state" dev=proc ino=-268434831
> scontext=system_u:system_r:apmd_t tcontext=system_u:object_r:proc_t
> tclass=file
> ------------------------------------------
> yours.
>