On Friday, 12 April 2019 9:54:46 PM AEST Chris PeBenito wrote:
> On 4/9/19 9:39 PM, Russell Coker wrote:
> > Why is a socket that everything sends to labeled as kernel_t?
> >
>
> Russell, you aren't seeing this type of access on Debian?

ifdef(`init_systemd',`
	init_domain($1, $2)
	# this may be because of late labelling
	kernel_dgram_send($1)
	allow $1 init_t:unix_dgram_socket sendto;
')

The above is in the upstream policy in the init_daemon_domain() interface.
Not sure why. I've put in an auditallow rule and so far haven't been able to
reproduce it. So we can probably remove that line.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/
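
An added example, not code from this thread or from the reference policy: an auditallow rule makes the kernel log a "granted" AVC record each time the permission is used, so tallying those records by source domain shows whether any daemon still sends to a kernel_t datagram socket. The log lines are constructed samples, the function name is hypothetical, and it is assumed that the audited permission is sendto on kernel_t:unix_dgram_socket.

```python
import re
from collections import Counter

# Constructed sample audit records; domains, comm values and paths are illustrative.
SAMPLE_LOG = """\
type=AVC msg=audit(1555070000.101:210): avc:  granted  { sendto } for  pid=612 comm="exampled" path="/run/systemd/journal/socket" scontext=system_u:system_r:exampled_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1555070001.300:214): avc:  denied  { sendto } for  pid=700 comm="otherd" path="/run/systemd/journal/socket" scontext=system_u:system_r:otherd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_dgram_socket permissive=0
type=AVC msg=audit(1555070002.004:220): avc:  granted  { sendto } for  pid=612 comm="exampled" path="/run/systemd/journal/socket" scontext=system_u:system_r:exampled_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1555070003.555:231): avc:  granted  { read } for  pid=650 comm="exampled" name="conf" scontext=system_u:system_r:exampled_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

AVC_RE = re.compile(r"avc:\s+(granted|denied)\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of a user:role:type[:range] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else ""


def audited_sends(log_text, target_type="kernel_t"):
    """Count auditallow hits for sendto on <target_type>:unix_dgram_socket,
    keyed by (source type, comm)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m.group(1) != "granted":
            continue  # denials come from missing allow rules, not auditallow
        perms = m.group(2).split()
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
        if ("sendto" in perms
                and fields.get("tclass") == "unix_dgram_socket"
                and selinux_type(fields.get("tcontext", "")) == target_type):
            hits[(selinux_type(fields.get("scontext", "")), fields.get("comm", ""))] += 1
    return hits


if __name__ == "__main__":
    for (domain, comm), count in sorted(audited_sends(SAMPLE_LOG).items()):
        print(f"{domain} ({comm}): {count} granted sendto to kernel_t")
```

An empty result over a long enough observation window is the evidence that the rule is unused; any hit names the domain that still depends on it.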