On 03/16/2010 11:44 AM, Robert Nichols wrote:
> Where can netutils_t write? I have ifup_local starting a tcpdump process
> that needs to create and write files. Using 'sesearch' I thought I found
> that netutils_t would be a suitable target context, but now my supposedly
> unconfined root shell cannot manage files there (write/link/chcon/...).

netutils_t is a process context not a file context.

# sesearch -A -s netutils_t -c file -p write
Found 4 semantic av rules:
   allow domain afs_cache_t : file { read write } ;
   allow netutils_t netutils_t : file { ioctl read write getattr lock append open } ;
   allow netutils_t logfile : file { ioctl read write getattr lock append open } ;
   allow netutils_t netutils_tmp_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ;

Looks like netutils_tmp_t is your best option.

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
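An added example, not part of the original message: a shell filter over the sesearch output quoted above that keeps only the target types whose file rule grants every permission the process needs (here create and write, since tcpdump has to create its output files). The function names sample_rules and types_granting are hypothetical, and the embedded sample is the output from the message, reproduced so the script runs without a policy loaded.

```shell
#!/bin/sh
# Added example: narrow `sesearch -A` allow rules to the target types that
# grant every required permission on class "file".

# Constructed sample input: the sesearch output quoted in the message.
sample_rules() {
cat <<'EOF'
Found 4 semantic av rules:
   allow domain afs_cache_t : file { read write } ;
   allow netutils_t netutils_t : file { ioctl read write getattr lock append open } ;
   allow netutils_t logfile : file { ioctl read write getattr lock append open } ;
   allow netutils_t netutils_tmp_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ;
EOF
}

# usage: types_granting PERM... < sesearch-output
# Prints the target type (or attribute) of each file rule that has all PERMs.
types_granting() {
    awk -v need="$*" '
        BEGIN { n = split(need, want, " ") }
        $1 == "allow" && $4 == ":" && $5 == "file" {
            split("", have)                  # portable way to clear the array
            # Permissions follow the class, either as "{ a b c } ;" or "a ;".
            for (i = 6; i <= NF; i++) {
                if ($i == "{") continue
                if ($i == "}" || $i == ";") break
                have[$i] = 1
            }
            ok = 1
            for (j = 1; j <= n; j++)
                if (!(want[j] in have)) ok = 0
            if (ok) print $3
        }'
}

# Every rule matched "-p write", but only one target also allows "create".
sample_rules | types_granting create write   # prints: netutils_tmp_t
```

On a live system the same filter can be fed directly: `sesearch -A -s netutils_t -c file -p write | types_granting create write`.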