iptables denied read to inotifyfs

Daniel J Walsh dwalsh at redhat.com
Wed Jan 2 18:30:07 UTC 2013


On 12/28/2012 01:10 AM, Kristen R wrote:
> 
> I am finding after a reboot of my server these AVC denials:
> 
> type=AVC msg=audit(1356666298.031:40): avc:  denied  { read } for pid=2837
> comm="iptables" path="inotify" dev=inotifyfs ino=337 
> scontext=system_u:system_r:iptables_t:s0 
> tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
> 
> Installed is: selinux-policy-2.4.6-327.el5
> 
> on a CentOS 5.5 build with kernel 2.6.18-308.24.1.el5
> 
> Should this be allowed?
> 
> Kristen

Most likely a leak, and you could dontaudit it.

http://danwalsh.livejournal.com/53603.html


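
An added example, not part of the original thread and not the policy project's own tooling: a small Python script that parses the AVC record quoted above and emits a policy module containing only the matching dontaudit rule, as the reply suggests. The module name iptables_inotify_leak is a placeholder chosen here.

```python
import re
from collections import defaultdict

# The denial quoted in the thread, re-joined from the wrapped e-mail lines.
SAMPLE_AVC = (
    'type=AVC msg=audit(1356666298.031:40): avc:  denied  { read } for pid=2837 '
    'comm="iptables" path="inotify" dev=inotifyfs ino=337 '
    'scontext=system_u:system_r:iptables_t:s0 '
    'tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir'
)
AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(record):
    """Return (source_type, target_type, tclass, perms), or None if not a denial."""
    m = AVC_RE.search(" ".join(record.split()))
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    # An SELinux context is user:role:type[:level]; the type is the third part.
    stype = fields["scontext"].split(":")[2]
    ttype = fields["tcontext"].split(":")[2]
    return stype, ttype, fields["tclass"], sorted(m.group(1).split())

def braces(items):
    items = sorted(items)
    return items[0] if len(items) == 1 else "{ " + " ".join(items) + " }"

def dontaudit_module(name, records):
    """Build policy module source that silences exactly the denials given."""
    rules = defaultdict(set)  # (source, target, class) -> permissions
    for parsed in filter(None, map(parse_avc, records)):
        rules[parsed[:3]].update(parsed[3])
    types = sorted({t for s, tgt, _ in rules for t in (s, tgt)})
    classes = defaultdict(set)
    for (_, _, cls), perms in rules.items():
        classes[cls] |= perms
    out = ["module %s 1.0;" % name, "", "require {"]
    out += ["\ttype %s;" % t for t in types]
    out += ["\tclass %s %s;" % (c, braces(p)) for c, p in sorted(classes.items())]
    out += ["}", ""]
    out += ["dontaudit %s %s:%s %s;" % (s, t, c, braces(p))
            for (s, t, c), p in sorted(rules.items())]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(dontaudit_module("iptables_inotify_leak", [SAMPLE_AVC]))
```

The generated source can be compiled and loaded with checkmodule, semodule_package and semodule -i. A dontaudit rule only suppresses the log entry; the access itself stays denied.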

