>>SELinux Mailing List

Contents

Overview

What's New

Frequently Asked Questions

Background

Documentation

License

Download

Participating

Mail List

Archive Summary

Archive by Thread

Archive by Author

Archive by Date

Archive by Subject

Remaining Work

Contributors

Related Work

Press Releases

Re: network and module problems

From: Stephen Smalley <sds_at_tislabs.com>
Date: Fri, 25 Jan 2002 14:04:13 -0500 (EST)

On 25 Jan 2002, Timothy Wood wrote:

> kernel: avc: denied { create } for pid=761 exe=/sbin/ip
> scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t
> tclass=netlink_socket

Yes, at present, there isn't a domain transition from sysadm_t to netutils_t, so this isn't surprising. But this wouldn't occur when run by the rc scripts, and it doesn't explain why you would have a problem when in permissive mode. I still think you have a bad kernel configuration (missing one or both of the Netlink or Routing messages options).

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com




--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Received on Fri 25 Jan 2002 - 14:14:47 EST

This message: [ Message body ]
Next message: Timothy Wood: "Re: network and module problems"
Previous message: paul krumviede: "Re: Rules for SELinux in a vmware session"
In reply to: Timothy Wood: "Re: network and module problems"
Next in thread: Timothy Wood: "Re: network and module problems"
Reply: Timothy Wood: "Re: network and module problems"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

This archive was generated by hypermail 2.2.0 on Wed 11 Jun 2008 - 08:10:26 EDT