Stephen Smalley wrote:
> On Wed, 2007-01-17 at 13:32 -0700, Ken wrote:
> > I just realized I sent this to myself instead of to the list...
> >
> > -------- Original Message --------
> > Subject: Re: Access attempts
> > Date: Fri, 12 Jan 2007 17:13:13 -0700
> > From: Ken <mantaray_1@xxxxxxx>
> > To: Ken <mantaray_1@xxxxxxx>
> > References: <45A81E60.9020409@xxxxxxx>
> >
> > Ken wrote:
> > > I was hoping someone could help me to understand what might be happening to trigger the access attempts I am blocking with my policy which are listed below. They only seem to appear when I am logged in to the "Blackboard" program at the university I attend. I have already taken several steps to limit what my browser can do, and I do not understand how it can trigger such attempts.
> > >
> > > ********************** **********************
> > > Jan 11 15:39:17 schoolhost kernel: audit(1168555157.756:587): avc: denied { rawip_send } for saddr=192.168.0.2 src="" daddr=129.219.10.40 dest=443 netif=eth0 scontext=system_u:system_r:kernel_t:s15:c0.c255 tcontext=system_u:object_r:netif_eth0_t:s0-s15:c0.c255 tclass=netif
> > > Jan 11 15:39:17 schoolhost kernel: audit(1168555157.992:588): avc: denied { rawip_send } for saddr=192.168.0.2 src="" daddr=129.219.10.40 dest=443 netif=eth0 scontext=system_u:system_r:kernel_t:s15:c0.c255 tcontext=system_u:object_r:netif_eth0_t:s0-s15:c0.c255 tclass=netif
> > > Jan 11 15:39:18 schoolhost kernel: audit(1168555158.212:590): avc: denied { rawip_send } for saddr=192.168.0.2 src="" daddr=129.219.10.30 dest=443 netif=eth0 scontext=system_u:system_r:kernel_t:s15:c0.c255 tcontext=system_u:object_r:netif_eth0_t:s0-s15:c0.c255 tclass=netif
> > > Jan 11 15:39:19 schoolhost kernel: audit(1168555159.433:600): avc: denied { rawip_send } for pid=2465 comm="X" saddr=192.168.0.2 src="" daddr=129.219.10.40 dest=443 netif=eth0 scontext=system_u:system_r:kernel_t:s15:c0.c255 tcontext=system_u:object_r:netif_eth0_t:s0-s15:c0.c255 tclass=netif
> > > ********************** **********************
> > >
> > > Thanks in advance,
> > > Ken.
> > >
> > > --
> > > fedora-selinux-list mailing list
> > > fedora-selinux-list@xxxxxxxxxx
> > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >
> > I just noticed that I sent the wrong part of the log. I accidentally removed this from the previous post instead of the repeated messages:
> >
> > ************ ************
> > Jan 11 15:39:18 schoolhost kernel: audit(1168555158.481:593): avc: denied { rawip_send } for pid=417 comm="kjournald" saddr=192.168.0.2 src="" daddr=129.219.10.30 dest=443 netif=eth0 scontext=system_u:system_r:kernel_t:s15:c0.c255 tcontext=system_u:object_r:netif_eth0_t:s0-s15:c0.c255 tclass=netif
> > ************ ************
> >
> > My concern is that somehow the browser seems to be able to entice other running processes, such as "X" and "kjournald" to attempt Internet access.
>
> No, the avc message is just misleading. The pid/comm information for network layer permission checks is unreliable because the packet send/recv isn't necessarily happening in the context of the process that initiated the send or that will handle the recv. Note in particular the use of kernel_t in the scontext; that is a kernel socket, e.g. ICMP traffic.

Thanks for the information.

-Ken-
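A triage sketch for the point made in Stephen Smalley's reply, added here as an example and not part of the original thread: it parses AVC denial lines in the format quoted above and marks pid/comm as unusable for attribution when the check was made at the network layer. The function names and the set of classes treated as network-layer checks are assumptions of this example; the first sample line is taken from the thread and the second is constructed for contrast.

```python
import re

# Object classes this example treats as network-layer checks (an assumption of the example).
NETWORK_CLASSES = {"netif", "node"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

SAMPLE = [
    # Taken from the log quoted in the thread.
    'Jan 11 15:39:18 schoolhost kernel: audit(1168555158.481:593): avc: denied '
    '{ rawip_send } for pid=417 comm="kjournald" saddr=192.168.0.2 src="" '
    'daddr=129.219.10.30 dest=443 netif=eth0 '
    'scontext=system_u:system_r:kernel_t:s15:c0.c255 '
    'tcontext=system_u:object_r:netif_eth0_t:s0-s15:c0.c255 tclass=netif',
    # Constructed for contrast: a file access check, made in the caller's context.
    'Jan 11 15:40:02 schoolhost kernel: audit(1168555202.100:601): avc: denied '
    '{ read } for pid=2301 comm="httpd" name="index.html" dev=dm-0 ino=12345 '
    'scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:object_r:user_home_t:s0 tclass=file',
]

def parse_avc(line):
    """Return the key=value fields of an AVC denial plus its permission list, or None."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    return rec

def triage(line):
    """Summarise a denial and say whether its pid/comm can be used for attribution."""
    rec = parse_avc(line)
    if rec is None or "scontext" not in rec:
        return None
    stype = rec["scontext"].split(":")[2]  # context is user:role:type[:level]
    network = rec.get("tclass") in NETWORK_CLASSES
    return {
        "perms": rec["perms"],
        "dest": f'{rec.get("daddr")}:{rec.get("dest")}' if network else None,
        "source_type": stype,
        "reported_comm": rec.get("comm"),
        "comm_reliable": not network,  # packet path may run in an unrelated task
        "kernel_socket": network and stype == "kernel_t",
    }

if __name__ == "__main__":
    for line in SAMPLE:
        print(triage(line))
```

For the kjournald line this reports the destination and the kernel_t source type while marking the reported command name as unreliable, which is the reading given in the reply.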