Why is bash accessing iptables, and arping on behalf of udev?
I expect that the dhclient-eth0.conf file is just from an inherited file
handle (although I don't know why it was opened, I don't have dhclient
installed any more, maybe a bug in hotplug).
audit(1093243252.247:0): avc: denied { getattr } for pid=2193 exe=/bin/bash
path=/sbin/iptables dev=dm-0 ino=196433 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:iptables_exec_t tclass=file
audit(1093243252.280:0): avc: denied { write } for pid=2113 exe=/bin/bash
name=dhclient-eth0.conf dev=dm-0 ino=572328 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:dhcp_etc_t tclass=file
audit(1093243252.299:0): avc: denied { getattr } for pid=2113 exe=/bin/bash
path=/sbin/arping dev=dm-0 ino=196244 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:netutils_exec_t tclass=file
audit(1093243252.300:0): avc: denied { getattr } for pid=2113 exe=/bin/bash
path=/sbin/arping dev=dm-0 ino=196244 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:netutils_exec_t tclass=file
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
