Odd AVC from tcpdump

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Whenever tcpdump fills a savefile to capacity (-C option) and tries to open
a new one, I get the following AVC denial:

kernel: audit(1204485464.409:106): avc:  denied  { search } for
pid=2702 comm="tcpdump" name="/" dev=hdb1 ino=2 scontext=system_u:system_r:netutils_t:s0 t
context=system_u:object_r:default_t:s0 tclass=dir

Any suggestions as the the proper fix to make this work?  The target directory
for the savefiles has context system_u:object_r:netutils_tmp_t, and I get no
complaints about that directory or its files.  I have no idea what tcpdump
might be searching for in the root directory or, for that matter, why search
permission in a default_t directory should be denied.

System:  CentOS 5.1
selinux-policy-targeted-2.4.6-106.el5_1.3
kernel-2.6.18-53.1.13.el5
tcpdump-3.9.4-11.el5
-rwxr-xr-x  root root system_u:object_r:netutils_exec_t /usr/sbin/tcpdump

--
Bob Nichols     "NOSPAM" is really part of my email address.
                Do NOT delete it.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux