strange audit messages from the dhcpc_t domain

From: Paul Krumviede <pwk_at_acm.org>
Date: Sat, 02 Feb 2002 08:43:08 -0800


i just noticed a few strange denials on a RH 7.2 system running the 2.4.17-kernel
version. the machine is using DHCP on eth1 and gets assigned an address of 172.16.218.138.

1)	Feb 1 04:02:05 fermat kernel: avc: denied { recvfrom } for
	pid=2235 exe=/usr/sbin/sendmail
	saddr=0.4.172.16
	daddr=218.138.0.0
	netif=eth1 scontext=system_u:system_r:dhcpc_t
	tcontext=system_u:object_r:netmsg_eth1_t
	tclass=packet_socket

why is sendmail running in the dhcpc_t domain? and the saddr and daddr values look
mangled.

2)	Feb  2 02:37:10 fermat kernel: avc:  denied  { recvfrom } for
	saddr=172.16.218.254 source=17680
	daddr=172.16.218.138 dest=328
	netif=eth1
 	scontext=system_u:system_r:dhcpc_t
	tcontext=system_u:object_r:netmsg_eth1_t tclass=packet_socket

this looks correct, while

3)	Feb  2 02:42:06 fermat kernel: avc:  denied  { recvfrom } for
	saddr=0.8.172.16
	daddr=218.1.0.0
	netif=eth1 scontext=system_u:system_r:dhcpc_t
	tcontext=system_u:object_r:netmsg_eth1_t
	tclass=packet_socket

this also seems to have mangled the saddr/daddr fields (and if i reconstruct the fields as 172.16.218.1, i don't think that machine would ever emit DHCP or BOOTP messages, although i could be wrong).

-paul
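
An added example, not part of the original message: a small triage script that parses the three denials quoted above, flags records whose saddr/daddr fall outside the interface's subnet, and applies the same reconstruction the poster describes (reading the two fields as eight consecutive bytes and taking bytes 2 to 5). The function names and the /24 subnet are assumptions, and the byte offset mirrors the poster's reading rather than a confirmed explanation of the logging behaviour.

```python
import ipaddress
import re

# The three denials quoted in the message, each joined onto one line.
SAMPLE_LOG = """\
Feb 1 04:02:05 fermat kernel: avc: denied { recvfrom } for pid=2235 exe=/usr/sbin/sendmail saddr=0.4.172.16 daddr=218.138.0.0 netif=eth1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:netmsg_eth1_t tclass=packet_socket
Feb  2 02:37:10 fermat kernel: avc:  denied  { recvfrom } for saddr=172.16.218.254 source=17680 daddr=172.16.218.138 dest=328 netif=eth1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:netmsg_eth1_t tclass=packet_socket
Feb  2 02:42:06 fermat kernel: avc:  denied  { recvfrom } for saddr=0.8.172.16 daddr=218.1.0.0 netif=eth1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:netmsg_eth1_t tclass=packet_socket
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
# Addresses a DHCP exchange legitimately uses outside the local subnet.
DHCP_SPECIAL = {ipaddress.ip_address("0.0.0.0"), ipaddress.ip_address("255.255.255.255")}


def parse_avc(line):
    """Split one 'avc: denied' line into its key=value fields plus the permission list."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = dict(tok.split("=", 1) for tok in m.group("rest").split() if "=" in tok)
    rec["perms"] = m.group("perms").split()
    return rec


def reconstruct(rec):
    """The poster's reading: treat saddr+daddr as 8 bytes and take bytes 2..5 as one address."""
    raw = ipaddress.IPv4Address(rec["saddr"]).packed + ipaddress.IPv4Address(rec["daddr"]).packed
    return str(ipaddress.IPv4Address(raw[2:6]))


def triage(log, subnet):
    """Return (verdict, saddr, daddr, reconstructed) for every denial carrying addresses."""
    net = ipaddress.ip_network(subnet)
    findings = []
    for line in log.splitlines():
        rec = parse_avc(line)
        if rec is None or "saddr" not in rec or "daddr" not in rec:
            continue
        addrs = [ipaddress.ip_address(rec[k]) for k in ("saddr", "daddr")]
        if all(a in net or a in DHCP_SPECIAL for a in addrs):
            findings.append(("ok", rec["saddr"], rec["daddr"], None))
        else:
            findings.append(("suspect", rec["saddr"], rec["daddr"], reconstruct(rec)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, "172.16.218.0/24"):  # /24 is an assumption
        print(finding)
```

Records marked "suspect" are candidates for the field mangling described in the message; the reconstructed value is only a hint for manual review.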

--

Received on Sat 2 Feb 2002 - 12:01:49 EST