Daniel J Walsh wrote:
Robert Nichols wrote:
That still leaves the 2nd AVC, path="socket[63191]".
I have no idea what that socket is for. OK, I just ran an strace on
grephistory, and the only socket it uses is to /dev/log. What, innd_t isn't
allowed to talk to syslogd?!?!?
NO this is a leaked file descriptor. You have a process running
unconfined_t that is transitioning to innd_t and leaking an open file
descriptor to innd_t. Without SELinux innd_t would be able to
communicate on this open tcp_socket. SELinux closes the descriptor and
reports the AVC.
Good call. The socket to the upstream news server was indeed being
leaked. I'll set the close-on-exec flag on its file descriptor.
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
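
The fix discussed above (setting close-on-exec on the socket so it is not inherited by the exec'd helper), as an added example that is not code from this thread or from INN. The function names, the unconnected stand-in socket and the 1024 scan limit are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Mark fd close-on-exec, keeping its other descriptor flags. 0 on success, -1 on error. */
int set_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1) return -1;            /* fd is not open */
    if (flags & FD_CLOEXEC) return 0;      /* already set */
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1 ? -1 : 0;
}

/* 1 if fd would be inherited across exec, 0 if close-on-exec, -1 if not open. */
int survives_exec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1) return -1;
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* Audit: count descriptors above stderr (3 .. max_fd-1) that a child would inherit. */
int count_inheritable(int max_fd) {
    int n = 0;
    for (int fd = 3; fd < max_fd; fd++)
        if (survives_exec(fd) == 1) n++;
    return n;
}

int main(void) {
    /* Constructed stand-in for the upstream server socket; it is never connected. */
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s == -1) { perror("socket"); return 1; }
    printf("before: fd %d survives exec = %d\n", s, survives_exec(s));
    if (set_cloexec(s) == -1) { perror("fcntl"); return 1; }
    printf("after:  fd %d survives exec = %d\n", s, survives_exec(s));

    /* On Linux the flag can be set atomically at creation, which leaves no
       window in which another thread could fork and exec with the fd open. */
    int t = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
    if (t == -1) { perror("socket"); return 1; }
    printf("SOCK_CLOEXEC: fd %d survives exec = %d\n", t, survives_exec(t));

    /* Run this audit just before fork/exec to catch descriptors that would leak. */
    printf("inheritable fds above stderr: %d\n", count_inheritable(1024));
    close(s);
    close(t);
    return 0;
}
```

Calling `count_inheritable` immediately before the exec of a confined helper shows whether any descriptor would still cross the domain transition and trigger the kind of AVC reported in this thread.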