On Tue, 2007-01-23 at 14:08 -0800, Steve G wrote:
> >No, the avc message is just misleading. The pid/comm information for
> >network layer permission checks is unreliable because the packet
> >send/recv isn't necessarily happening in the context of the process that
> >initiated the send or that will handle the recv.
>
> Seems like this should be fixed. Everything in the audit message needs to be
> accurate. I think a bug should be filed against the kernel for this.

Ok, feel free. Requires the network permission checks (in sock_rcv_skb
and ip_postroute_last) to pass some kind of flag (e.g. via a new field
in the avc_audit_data struct) to the avc to indicate that it shouldn't
try to log the pid/comm information for current.

--
Stephen Smalley
National Security Agency
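
For anyone triaging such denials in the meantime, here is an added example (not part of the original message and not kernel code) that parses AVC denial lines and discards pid/comm when the check looks like a network-layer one, falling back to scontext. The (tclass, permission) sets and the sample log lines are assumptions constructed for illustration.

```python
import re

# Assumption: (tclass, permission) pairs treated as network-layer checks made
# on the packet path, where "current" may be an unrelated process.
_NET = {"tcp_send", "tcp_recv", "udp_send", "udp_recv", "rawip_send", "rawip_recv"}
PACKET_PATH_PERMS = {"netif": _NET, "node": _NET, "packet": {"send", "recv"}}
SOCKET_PACKET_PERMS = {"send_msg", "recv_msg"}  # assumed for any *_socket class

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the denial's key=value fields plus its permission list, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    rec["perms"] = m.group(1).split()
    return rec

def pid_comm_reliable(rec):
    """False when the denial matches one of the assumed packet-path checks."""
    tclass, perms = rec.get("tclass", ""), set(rec["perms"])
    if perms & PACKET_PATH_PERMS.get(tclass, set()):
        return False
    return not (tclass.endswith("_socket") and perms & SOCKET_PACKET_PERMS)

def triage(lines):
    """Keep pid/comm only where it can be trusted; always keep scontext."""
    out = []
    for rec in filter(None, map(parse_avc, lines)):
        proc = (rec.get("pid"), rec.get("comm")) if pid_comm_reliable(rec) else None
        out.append({"tclass": rec.get("tclass"), "perms": rec["perms"],
                    "scontext": rec.get("scontext"), "process": proc})
    return out

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = [
    'type=AVC msg=audit(1169590000.123:41): avc:  denied  { tcp_recv } for  pid=2210 comm="sendmail" saddr=192.0.2.10 src=40000 daddr=192.0.2.20 dest=80 netif=eth0 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:netif_t:s0 tclass=netif',
    'type=AVC msg=audit(1169590001.456:42): avc:  denied  { name_bind } for  pid=3100 comm="httpd" src=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket',
    'type=AVC msg=audit(1169590002.789:43): avc:  denied  { recv_msg } for  pid=0 comm="swapper" saddr=192.0.2.10 src=53 daddr=192.0.2.20 dest=32768 netif=eth0 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket',
]

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```
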