Ben wrote:
I get this a LOT on my fedora postgres server:
kernel: audit(1148742297.318:91630): avc: denied { create } for
pid=29176 comm="postmaster" scontext=system_u:system_r:postgresql_t:s0
tcontext=system_u:system_r:postgresql_t:s0 tclass=netlink_route_socket
There have been some changes to glibc that are causing these. So policy
is being updated to allow. Basically anything to looks up information
through nsswitch
is going to need this priv. The domain wants to look at the routing table.
allow postgresql_t self:netlink_route_socket r_netlink_socket_perms;
Fixes the problem.
It doesn't seem to harm anything, but it hardly seems like it should
be there, either. Ideas?
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
