I'm having an odd problem: I am running my own MCS-constrained policy on Ubuntu 12.04. At some point I have a process with context sub_t:s0:c20-s0:c20.c29. From this process I try to access a jack daemon with mplayer. For this purpose unix stream sockets are being used.

I then get an AVC denial saying that process sub_t:s0:c20-s0:c20.c29 tried to access unix_stream_socket sub_t:s0, which is prohibited by the MCS constraint. The socket is on sockfs and has no file associated with it.

The problem is that under no circumstances does the policy allow the creation of anything with 'sub_t:s0'. Using an auditallow rule like

    auditallow any_type sub_t:unix_stream_socket { create relabelto relabelfrom };

clearly shows that indeed no socket with a context like that is created nor relabeled to. And yet it exists.

I'd highly appreciate any hint on this matter, including how to debug further. How can I display the security context of a socket on sockfs?

Best regards
Ole
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.