SELinux is preventing khidpd_0d620558 from write access on the socket Unknown.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



SELinux is preventing khidpd_0d620558 from write access on the socket Unknown.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that khidpd_0d620558 should be allowed write access on the Unknown socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep khidpd_0d620558 /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:kernel_t:s0
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                Unknown [ socket ]
Source                        khidpd_0d620558
Source Path                   khidpd_0d620558
Port                          <Unknown>
Host                          JesusChrist.localdomain
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.9.16-16.fc15
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     JesusChrist.localdomain
Platform                      Linux JesusChrist.localdomain
                              2.6.38.3-18.fc15.x86_64 #1 SMP Fri Apr 22 13:24:23
                              UTC 2011 x86_64 x86_64
Alert Count                   7
First Seen                    Sat 23 Apr 2011 01:10:35 PM MDT
Last Seen                     Sat 23 Apr 2011 01:10:35 PM MDT
Local ID                      22003605-0f14-43ab-bb6b-a528ac18c632

Raw Audit Messages
type=AVC msg=audit(1303585835.426:3428): avc:  denied  { write } for  pid=3477 comm="khidpd_0d620558" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=socket


Hash: khidpd_0d620558,kernel_t,unlabeled_t,socket,write

audit2allow

#============= kernel_t ==============
allow kernel_t unlabeled_t:socket write;

audit2allow -R

#============= kernel_t ==============
allow kernel_t unlabeled_t:socket write;



-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux