On Wed, 2006-05-24 at 09:33 -0400, Daniel J Walsh wrote: > > I get these too. I asked about it yesterday but no response yet. Looking > > at the policy for other packages, and bearing in mind that webalizer > > still seems to work despite the denials, I suspect that these can be > > dontaudit-ed, but I'd like to know what they are first. > > > This means webalizer is trying to look at the routing table. Not sure > whether it matters whether it can or can not. Not that > valuable of information so I will probably allow. It is a common access attempt due to library probing. We commonly dontaudit it, but you could allow the read-only form (i.e. create read write nlmsg_read) to get routing information without being able to modify it (which requires nlmsg_write). Note the distinction: read and write permission means the ability to communicate with the kernel over the socket which is required for any kind of operation, whereas nlmsg_read and nlmsg_write correspond to the actual reading and writing of the routing table info (or other netlink-provided data). -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
