On Sat, 2017-05-06 at 18:45 -0500, Ian Pilcher wrote:
> I'm getting a non-fatal { getattr } denial on a UDP socket (talking
> to a
> DNS server). strace doesn't show any fstat calls on the socket, but
> it
> does show that recvfrom is being called.
>
> Does recvfrom want getattr permission in order to retrieve the
> message
> source? (The other potential system calls are poll and
> ioctl(FIONREAD).)
ioctl(FIONREAD) triggers a getattr permission check because it can be
used to get the file size.
