Hi All,
I've noticed that hping2 ( hping2-2.0.0-0.5.rc3 ) is not labeled with
the correct security context.
The binary is labeled with context ping_exec_t:
-rwxr-xr-x root root system_u:object_r:ping_exec_t /usr/sbin/hping2
But the ping_exec_t domain does not allow the creation of packet socket.
Here's the audit log:
type=AVC msg=audit(1144338231.596:1933): avc: denied { create } for pid=17334 comm="hping2" scontext=user_u:system_r:ping_t:s0-s0:c0.c255 tcontext=user_u:system_r:ping_t:s0-s0:c0.c255 tclass=packet_socket
To work around this issue, I simply changed the context of hping2 to
sbin_t and it works fine.
The other option is to modify the ping_t domain to allow the creation of
packet socket.
audit2allow yields the following rule:
allow ping_t self:packet_socket create;
I'll leave the decision up to the package maintainer!
--
Charles-Edouard Ruault
GPG key Id E4D2B80C