On Thu, 10 Dec 2009, Paul Moore <paul.moore@xxxxxx> wrote: > > Subject: selinux PERMISSIVE blocking tun/tap device creation in v2.6.32 > > I imagine this is because the original reporter is using a SELinux policy > without the new TUN socket classes/permissions (which is likely the common > case at this point). The unknown class/permission handling that Eric added > _should_ protect us from this - Russel do you have any more information > about the distribution and policy in use here? Sorry, the original message apparently wasn't clear enough (I've added some caps). The problem occurred in permissive mode. When the system is in permissive mode then SE Linux should not deny any action that Unix permissions will permit. -- russell@xxxxxxxxxxxx http://etbe.coker.com.au/ My Main Blog http://doc.coker.com.au/ My Documents Blog -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
