On Friday 07 April 2006 02:09, Charles-Edouard Ruault <ce@xxxxxxxxxx> wrote:
> But the ping_exec_t domain does not allow the creation of packet socket.
> Here's the audit log :
> type=AVC msg=audit(1144338231.596:1933): avc: denied { create } for
> pid=17334 comm="hping2" scontext=user_u:system_r:ping_t:s0-s0:c0.c255
> tcontext=user_u:system_r:ping_t:s0-s0:c0.c255 tclass=packet_socket
Allowing the packet_socket access seems appropriate as it's just different
ways of doing the same thing.
In my next update to the rawhide policy I'll include this. Not sure if it's
worth doing for FC5 as hping isn't in Core.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
