Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...
|
selinux-policy-targeted-2.1.6-4: needs netif: msg#00102
|
Subject: |
selinux-policy-targeted-2.1.6-4: needs netif |
running today's policy, have boot/network problems.
Fixed boot problems by turning off hplip/cups.
Appears more 'netif' work is needed:
[root@tlondon ~]# ausearch -m avc,selinux_err -ts 12/16/2005
|audit2allow -l allow avahi_t null_device_t:netif udp_send;
allow cupsd_t null_device_t:netif tcp_send;
allow hplip_t null_device_t:netif tcp_send;
allow kernel_t null_device_t:netif rawip_send;
allow ntpd_t null_device_t:netif udp_send;
allow ntpd_t policy_config_t:udp_socket node_bind;
allow ping_t null_device_t:netif rawip_recv;
allow ping_t policy_config_t:node rawip_recv;
allow unconfined_t null_device_t:netif tcp_recv;
allow unconfined_t policy_config_t:node udp_recv;
allow unconfined_t sysctl_t:tcp_socket recv_msg;
allow unconfined_t sysctl_t:udp_socket send_msg;
[root@tlondon ~]#
Here are a few AVCs:
----
time->Fri Dec 16 07:06:31 2005
type=AVC msg=audit(1134745591.755:5): avc: denied { tcp_send } for
pid=2686 comm="python" saddr=127.0.0.1 src=37866 daddr=127.0.0.1
dest=50000 netif=lo scontext=system_u:system_r:hplip_t:s0
tcontext=system_u:object_r:null_device_t:s0 tclass=netif
----
time->Fri Dec 16 07:06:34 2005
type=AVC msg=audit(1134745594.243:6): avc: denied { tcp_send } for
pid=2713 comm="hp" saddr=127.0.0.1 src=37867 daddr=127.0.0.1
dest=50000 netif=lo scontext=system_u:system_r:cupsd_t:s0-s0:c0.c255
tcontext=system_u:object_r:null_device_t:s0 tclass=netif
----
time->Fri Dec 16 07:06:34 2005
type=AVC msg=audit(1134745594.755:7): avc: denied { tcp_send } for
saddr=127.0.0.1 src=37866 daddr=127.0.0.1 dest=50000 netif=lo
scontext=system_u:system_r:hplip_t:s0
tcontext=system_u:object_r:null_device_t:s0 tclass=netif
-------
time->Fri Dec 16 07:16:44 2005
type=SOCKETCALL msg=audit(1134746204.111:5): nargs=4 a0=4 a1=bfbf3450
a2=20 a3=0type=SYSCALL msg=audit(1134746204.111:5): arch=40000003
syscall=102 success=no exit=-1 a0=9 a1=bfbf30e4 a2=771ff4 a3=20
items=0 pid=2731 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 comm="ntpdate" exe="/usr/sbin/ntpdate"
type=AVC msg=audit(1134746204.111:5): avc: denied { udp_send } for
pid=2731 comm="ntpdate" saddr=192.168.1.101 src=32768
daddr=68.87.76.178 dest=53 netif=eth0
scontext=system_u:system_r:ntpd_t:s0
tcontext=system_u:object_r:null_device_t:s0 tclass=netif
----
time->Fri Dec 16 07:16:57 2005
type=SOCKETCALL msg=audit(1134746217.580:190): nargs=3 a0=d a1=bfae85ec a2=0
type=SOCKADDR msg=audit(1134746217.580:190):
saddr=020014E9E00000FB0000000000000000
type=SYSCALL msg=audit(1134746217.580:190): arch=40000003 syscall=102
success=no exit=-1 a0=10 a1=bfae8590 a2=af5134 a3=d items=0 pid=2814
auid=4294967295 uid=70 gid=70 euid=70 suid=70 fsuid=70 egid=70 sgid=70
fsgid=70 comm="avahi-daemon" exe="/usr/sbin/avahi-daemon"
type=AVC msg=audit(1134746217.580:190): avc: denied { udp_recv } for
pid=2814 comm="avahi-daemon" saddr=192.168.1.101 src=5353
daddr=224.0.0.251 dest=5353 netif=eth0
scontext=system_u:system_r:avahi_t:s0
tcontext=system_u:object_r:null_device_t:s0 tclass=netif
type=AVC msg=audit(1134746217.580:190): avc: denied { udp_send } for
pid=2814 comm="avahi-daemon" saddr=192.168.1.101 src=5353
daddr=224.0.0.251 dest=5353 netif=eth0
scontext=system_u:system_r:avahi_t:s0
tcontext=system_u:object_r:null_device_t:s0 tclass=netif
----
<<<<<Many more>>>>>
tom
-
--
Tom London
|
| |
