[Fwd: Re: Access attempts]

Ken <mantaray_1@xxxxxxx> · Fri, 12 Jan 2007 17:13:13 -0700

I just realized I sent this to myself instead of to the list...

-------- Original Message --------

      Subject: 
      Re: Access attempts

      Date: 
      Fri, 12 Jan 2007 17:13:13 -0700

      From: 
      Ken <mantaray_1@xxxxxxx>

      To: 
      Ken <mantaray_1@xxxxxxx>

      References: 
      <45A81E60.9020409@xxxxxxx>

Ken wrote:
> I was hoping someone could help me to understand what might be 
> happening to trigger the access attempts I am blocking with my policy 
> which are listed below.  They only seem to appear when I am logged in 
> to the "Blackboard" program at the university I attend.  I have 
> already taken several steps to limit what my browser can do, and I do 
> not understand how it can trigger such attempts.
> **********************
> **********************
> Jan 11 15:39:17 schoolhost kernel: audit(1168555157.756:587): avc:  
> denied  { rawip_send } for  saddr=192.168.0.2 src="" 
> daddr=129.219.10.40 dest=443 netif=eth0 
> scontext=system_u:system_r:kernel_t:s15:c0.c255 
> tcontext=system_u:object_r:netif_eth0_t:s0-s15:c0.c255 tclass=netif
>
> Jan 11 15:39:17 schoolhost kernel: audit(1168555157.992:588): avc:  
> denied  { rawip_send } for  saddr=192.168.0.2 src="" 
> daddr=129.219.10.40 dest=443 netif=eth0 
> scontext=system_u:system_r:kernel_t:s15:c0.c255 
> tcontext=system_u:object_r:netif_eth0_t:s0-s15:c0.c255 tclass=netif
>
> Jan 11 15:39:18 schoolhost kernel: audit(1168555158.212:590): avc:  
> denied  { rawip_send } for  saddr=192.168.0.2 src="" 
> daddr=129.219.10.30 dest=443 netif=eth0 
> scontext=system_u:system_r:kernel_t:s15:c0.c255 
> tcontext=system_u:object_r:netif_eth0_t:s0-s15:c0.c255 tclass=netif
>
> Jan 11 15:39:19 schoolhost kernel: audit(1168555159.433:600): avc:  
> denied  { rawip_send } for  pid=2465 comm="X" saddr=192.168.0.2 
> src="" daddr=129.219.10.40 dest=443 netif=eth0 
> scontext=system_u:system_r:kernel_t:s15:c0.c255 
> tcontext=system_u:object_r:netif_eth0_t:s0-s15:c0.c255 tclass=netif
> **********************
> **********************
>
> Thanks in advance,
> Ken.
>
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
I just noticed that I sent the wrong part of the log.   I accidentally 
removed this from the previous post instead of the repeated messages:

************
************
Jan 11 15:39:18 schoolhost kernel: audit(1168555158.481:593): avc:  
denied  { rawip_send } for  pid=417 comm="kjournald" saddr=192.168.0.2 
src="" daddr=129.219.10.30 dest=443 netif=eth0 
scontext=system_u:system_r:kernel_t:s15:c0.c255 
tcontext=system_u:object_r:netif_eth0_t:s0-s15:c0.c255 tclass=netif
************
************

My concern is that somehow the browser seems to be able to entice other 
running processes, such as "X" and "kjournald" to attempt Internet access.

-Ken-

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list