policy problem with netlink sockets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Attached in the 'spew' file is the last 200 lines from doing a make reload of the latest strict policy
(selinux-policy-strict-sources-1.13.7-1). Below are some of the avc denied messages generated immediately after the newly made policy was loaded. Does this need to be put into bugzilla?
Richard Hally

Jun 22 23:37:38 new2 kernel: audit(1087961858.402:0): avc: granted { load_policy } for pid=13433 exe=/usr/sbin/load_policy scontext=root:sysadm_r:load_policy_t tcontext=system_u:object_r:security_t tclass=security
Jun 22 23:37:38 new2 kernel: security: 6 users, 7 roles, 1254 types, 1 bools
Jun 22 23:37:38 new2 kernel: security: 51 classes, 340144 rules
Jun 22 23:41:25 new2 kernel: audit(1087962085.540:0): avc: denied { create } for pid=3051 exe=/usr/bin/gnome-session scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t tclass=netlink_route_socket
Jun 22 23:41:25 new2 kernel: audit(1087962085.540:0): avc: denied { bind } for pid=3051 exe=/usr/bin/gnome-session scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t tclass=netlink_route_socket
Jun 22 23:41:25 new2 kernel: audit(1087962085.540:0): avc: denied { getattr }
for pid=3051 exe=/usr/bin/gnome-session scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t tclass=netlink_route_socket
Jun 22 23:41:25 new2 kernel: audit(1087962085.540:0): avc: denied { write } for pid=3051 exe=/usr/bin/gnome-session scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t tclass=netlink_route_socket
Jun 22 23:41:25 new2 kernel: audit(1087962085.540:0): avc: denied { nlmsg_read } for pid=3051 exe=/usr/bin/gnome-session scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t tclass=netlink_route_socket
Jun 22 23:41:25 new2 kernel: audit(1087962085.540:0): avc: denied { read } for pid=3051 exe=/usr/bin/gnome-session scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t tclass=netlink_route_socket
:

domains/program/firstboot.te:124:WARNING 'remapping class netlink_dnrt_socket to netlink_socket for policy version 17' at token ';' on line 107984:
#line 124
allow firstboot_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux
domains/program/hotplug.te:147:WARNING 'remapping class netlink_route_socket to netlink_socket for policy version 17' at token ';' on line 114418:
#line 147
allow hotplug_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_s
domains/program/hotplug.te:147:WARNING 'remapping class netlink_firewall_socket to netlink_socket for policy version 17' at token ';' on line 114418:
#line 147
allow hotplug_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_s
domains/program/hotplug.te:147:WARNING 'remapping class netlink_tcpdiag_socket to netlink_socket for policy version 17' at token ';' on line 114418:
#line 147
allow hotplug_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_s
domains/program/hotplug.te:147:WARNING 'remapping class netlink_nflog_socket to netlink_socket for policy version 17' at token ';' on line 114418:
#line 147
allow hotplug_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_s
domains/program/hotplug.te:147:WARNING 'remapping class netlink_xfrm_socket to netlink_socket for policy version 17' at token ';' on line 114418:
#line 147
allow hotplug_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_s
domains/program/hotplug.te:147:WARNING 'remapping class netlink_selinux_socket to netlink_socket for policy version 17' at token ';' on line 114418:
#line 147
allow hotplug_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_s
domains/program/hotplug.te:147:WARNING 'remapping class netlink_audit_socket to netlink_socket for policy version 17' at token ';' on line 114418:
#line 147
allow hotplug_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_s
domains/program/hotplug.te:147:WARNING 'remapping class netlink_ip6fw_socket to netlink_socket for policy version 17' at token ';' on line 114418:
#line 147
allow hotplug_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_s
domains/program/hotplug.te:147:WARNING 'remapping class netlink_dnrt_socket to netlink_socket for policy version 17' at token ';' on line 114418:
#line 147
allow hotplug_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_s
domains/program/ifconfig.te:27:WARNING 'remapping class netlink_route_socket to netlink_socket for policy version 17' at token ';' on line 116234:
# for /sbin/ip
allow ifconfig_t self:netlink_route_socket { bind create getattr nlmsg_read nlmsg_write read write };
domains/program/inetd.te:127:WARNING 'remapping class netlink_route_socket to netlink_socket for policy version 17' at token ';' on line 118626:
#line 127
allow inetd_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_soc
domains/program/inetd.te:127:WARNING 'remapping class netlink_firewall_socket to netlink_socket for policy version 17' at token ';' on line 118626:
#line 127
allow inetd_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_soc
domains/program/inetd.te:127:WARNING 'remapping class netlink_tcpdiag_socket to netlink_socket for policy version 17' at token ';' on line 118626:
#line 127
allow inetd_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_soc
domains/program/inetd.te:127:WARNING 'remapping class netlink_nflog_socket to netlink_socket for policy version 17' at token ';' on line 118626:
#line 127
allow inetd_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_soc
domains/program/inetd.te:127:WARNING 'remapping class netlink_xfrm_socket to netlink_socket for policy version 17' at token ';' on line 118626:
#line 127
allow inetd_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_soc
domains/program/inetd.te:127:WARNING 'remapping class netlink_selinux_socket to netlink_socket for policy version 17' at token ';' on line 118626:
#line 127
allow inetd_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_soc
domains/program/inetd.te:127:WARNING 'remapping class netlink_audit_socket to netlink_socket for policy version 17' at token ';' on line 118626:
#line 127
allow inetd_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_soc
domains/program/inetd.te:127:WARNING 'remapping class netlink_ip6fw_socket to netlink_socket for policy version 17' at token ';' on line 118626:
#line 127
allow inetd_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_soc
domains/program/inetd.te:127:WARNING 'remapping class netlink_dnrt_socket to netlink_socket for policy version 17' at token ';' on line 118626:
#line 127
allow inetd_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_soc
domains/program/initrc.te:312:WARNING 'remapping class netlink_route_socket to netlink_socket for policy version 17' at token ';' on line 120997:
allow initrc_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_so
#line 312
domains/program/initrc.te:312:WARNING 'remapping class netlink_firewall_socket to netlink_socket for policy version 17' at token ';' on line 120997:
allow initrc_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_so
#line 312
domains/program/initrc.te:312:WARNING 'remapping class netlink_tcpdiag_socket to netlink_socket for policy version 17' at token ';' on line 120997:
allow initrc_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_so
#line 312
domains/program/initrc.te:312:WARNING 'remapping class netlink_nflog_socket to netlink_socket for policy version 17' at token ';' on line 120997:
allow initrc_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_so
#line 312
domains/program/initrc.te:312:WARNING 'remapping class netlink_xfrm_socket to netlink_socket for policy version 17' at token ';' on line 120997:
allow initrc_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_so
#line 312
domains/program/initrc.te:312:WARNING 'remapping class netlink_selinux_socket to netlink_socket for policy version 17' at token ';' on line 120997:
allow initrc_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_so
#line 312
domains/program/initrc.te:312:WARNING 'remapping class netlink_audit_socket to netlink_socket for policy version 17' at token ';' on line 120997:
allow initrc_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_so
#line 312
domains/program/initrc.te:312:WARNING 'remapping class netlink_ip6fw_socket to netlink_socket for policy version 17' at token ';' on line 120997:
allow initrc_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_so
#line 312
domains/program/initrc.te:312:WARNING 'remapping class netlink_dnrt_socket to netlink_socket for policy version 17' at token ';' on line 120997:
allow initrc_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_so
#line 312
domains/program/modutil.te:79:WARNING 'remapping class netlink_route_socket to netlink_socket for policy version 17' at token ';' on line 136851:
allow insmod_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_so
#line 79
domains/program/modutil.te:79:WARNING 'remapping class netlink_firewall_socket to netlink_socket for policy version 17' at token ';' on line 136851:
allow insmod_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_so
#line 79
domains/program/modutil.te:79:WARNING 'remapping class netlink_tcpdiag_socket to netlink_socket for policy version 17' at token ';' on line 136851:
allow insmod_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_so
#line 79
domains/program/modutil.te:79:WARNING 'remapping class netlink_nflog_socket to netlink_socket for policy version 17' at token ';' on line 136851:
allow insmod_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_so
#line 79
domains/program/modutil.te:79:WARNING 'remapping class netlink_xfrm_socket to netlink_socket for policy version 17' at token ';' on line 136851:
allow insmod_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_so
#line 79
domains/program/modutil.te:79:WARNING 'remapping class netlink_selinux_socket to netlink_socket for policy version 17' at token ';' on line 136851:
allow insmod_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_so
#line 79
domains/program/modutil.te:79:WARNING 'remapping class netlink_audit_socket to netlink_socket for policy version 17' at token ';' on line 136851:
allow insmod_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_so
#line 79
domains/program/modutil.te:79:WARNING 'remapping class netlink_ip6fw_socket to netlink_socket for policy version 17' at token ';' on line 136851:
allow insmod_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_so
#line 79
domains/program/modutil.te:79:WARNING 'remapping class netlink_dnrt_socket to netlink_socket for policy version 17' at token ';' on line 136851:
allow insmod_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_so
#line 79
domains/program/named.te:136:WARNING 'remapping class netlink_route_socket to netlink_socket for policy version 17' at token ';' on line 143917:
allow ndc_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
 
domains/program/netutils.te:34:WARNING 'remapping class netlink_route_socket to netlink_socket for policy version 17' at token ';' on line 145163:
allow netutils_t self:netlink_route_socket { bind create getattr nlmsg_read nlmsg_write read write };
# Create and use netlink sockets.
domains/program/rpm.te:239:WARNING 'remapping class netlink_route_socket to netlink_socket for policy version 17' at token ';' on line 175440:
#line 239
allow rpm_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socke
domains/program/rpm.te:239:WARNING 'remapping class netlink_firewall_socket to netlink_socket for policy version 17' at token ';' on line 175440:
#line 239
allow rpm_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socke
domains/program/rpm.te:239:WARNING 'remapping class netlink_tcpdiag_socket to netlink_socket for policy version 17' at token ';' on line 175440:
#line 239
allow rpm_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socke
domains/program/rpm.te:239:WARNING 'remapping class netlink_nflog_socket to netlink_socket for policy version 17' at token ';' on line 175440:
#line 239
allow rpm_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socke
domains/program/rpm.te:239:WARNING 'remapping class netlink_xfrm_socket to netlink_socket for policy version 17' at token ';' on line 175440:
#line 239
allow rpm_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socke
domains/program/rpm.te:239:WARNING 'remapping class netlink_selinux_socket to netlink_socket for policy version 17' at token ';' on line 175440:
#line 239
allow rpm_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socke
domains/program/rpm.te:239:WARNING 'remapping class netlink_audit_socket to netlink_socket for policy version 17' at token ';' on line 175440:
#line 239
allow rpm_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socke
domains/program/rpm.te:239:WARNING 'remapping class netlink_ip6fw_socket to netlink_socket for policy version 17' at token ';' on line 175440:
#line 239
allow rpm_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socke
domains/program/rpm.te:239:WARNING 'remapping class netlink_dnrt_socket to netlink_socket for policy version 17' at token ';' on line 175440:
#line 239
allow rpm_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socke
domains/program/rpm.te:239:WARNING 'remapping class netlink_route_socket to netlink_socket for policy version 17' at token ';' on line 175576:
#line 239
allow rpm_script_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinu
domains/program/rpm.te:239:WARNING 'remapping class netlink_firewall_socket to netlink_socket for policy version 17' at token ';' on line 175576:
#line 239
allow rpm_script_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinu
domains/program/rpm.te:239:WARNING 'remapping class netlink_tcpdiag_socket to netlink_socket for policy version 17' at token ';' on line 175576:
#line 239
allow rpm_script_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinu
domains/program/rpm.te:239:WARNING 'remapping class netlink_nflog_socket to netlink_socket for policy version 17' at token ';' on line 175576:
#line 239
allow rpm_script_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinu
domains/program/rpm.te:239:WARNING 'remapping class netlink_xfrm_socket to netlink_socket for policy version 17' at token ';' on line 175576:
#line 239
allow rpm_script_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinu
domains/program/rpm.te:239:WARNING 'remapping class netlink_selinux_socket to netlink_socket for policy version 17' at token ';' on line 175576:
#line 239
allow rpm_script_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinu
domains/program/rpm.te:239:WARNING 'remapping class netlink_audit_socket to netlink_socket for policy version 17' at token ';' on line 175576:
#line 239
allow rpm_script_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinu
domains/program/rpm.te:239:WARNING 'remapping class netlink_ip6fw_socket to netlink_socket for policy version 17' at token ';' on line 175576:
#line 239
allow rpm_script_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinu
domains/program/rpm.te:239:WARNING 'remapping class netlink_dnrt_socket to netlink_socket for policy version 17' at token ';' on line 175576:
#line 239
allow rpm_script_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinu
domains/program/snort.te:18:WARNING 'remapping class netlink_route_socket to netlink_socket for policy version 17' at token ';' on line 183684:
# use iptable netlink
allow snort_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
domains/program/snort.te:19:WARNING 'remapping class netlink_firewall_socket to netlink_socket for policy version 17' at token ';' on line 183685:
allow snort_t self:netlink_firewall_socket { bind create getattr nlmsg_read read write };
allow snort_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
domains/program/traceroute.te:33:WARNING 'remapping class netlink_route_socket to netlink_socket for policy version 17' at token ';' on line 194591:
allow traceroute_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
allow traceroute_t self:rawip_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
domains/program/unconfined.te:15:WARNING 'remapping class netlink_route_socket to netlink_socket for policy version 17' at token ';' on line 197331:
allow unconfined_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinu
#line 15
domains/program/unconfined.te:15:WARNING 'remapping class netlink_firewall_socket to netlink_socket for policy version 17' at token ';' on line 197331:
allow unconfined_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinu
#line 15
domains/program/unconfined.te:15:WARNING 'remapping class netlink_tcpdiag_socket to netlink_socket for policy version 17' at token ';' on line 197331:
allow unconfined_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinu
#line 15
domains/program/unconfined.te:15:WARNING 'remapping class netlink_nflog_socket to netlink_socket for policy version 17' at token ';' on line 197331:
allow unconfined_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinu
#line 15
domains/program/unconfined.te:15:WARNING 'remapping class netlink_xfrm_socket to netlink_socket for policy version 17' at token ';' on line 197331:
allow unconfined_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinu
#line 15
domains/program/unconfined.te:15:WARNING 'remapping class netlink_selinux_socket to netlink_socket for policy version 17' at token ';' on line 197331:
allow unconfined_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinu
#line 15
domains/program/unconfined.te:15:WARNING 'remapping class netlink_audit_socket to netlink_socket for policy version 17' at token ';' on line 197331:
allow unconfined_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinu
#line 15
domains/program/unconfined.te:15:WARNING 'remapping class netlink_ip6fw_socket to netlink_socket for policy version 17' at token ';' on line 197331:
allow unconfined_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinu
#line 15
domains/program/unconfined.te:15:WARNING 'remapping class netlink_dnrt_socket to netlink_socket for policy version 17' at token ';' on line 197331:
allow unconfined_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinu
#line 15
domains/program/vmware.te:91:WARNING 'remapping class netlink_route_socket to netlink_socket for policy version 17' at token ';' on line 202339:
allow kernel_t self:netlink_route_socket { bind create getattr nlmsg_read nlmsg_write read write };
allow kernel_t self:capability { net_admin };
security:  6 users, 7 roles, 1254 types, 1 bools
security:  51 classes, 309579 rules
/usr/bin/checkpolicy:  policy configuration loaded
/usr/bin/checkpolicy:  writing binary representation (version 17) to /etc/selinux/strict/policy/policy.17
Building file_contexts ...
install -m 644 file_contexts/file_contexts /etc/selinux/strict/contexts/files/file_contexts
/usr/sbin/load_policy /etc/selinux/strict/policy/policy.`cat /selinux/policyvers`
touch tmp/load
[root@new2 policy]#
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux