|
|
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] |
If you haven't configured iptables to mark packets with those contexts,On Wed, 2009-06-17 at 10:18 -0700, brian retford wrote:
> We have a fairly customized centos 5.3 distribution, but I know of
> nothing that would cause the behavior I'm seeing. We don't use
> iptables or ipsec, secmark is enabled in the kernel. I get avc denied
> messages for packets that almost certainly do exist, but the targets
> almost never make sense (at least to me), things like ls_exec_t,
> lib_t, and other seemingly random types. Thoughts?
>
> avc: denied { send } for pid=3202 comm="sshd" saddr=172.27.13.41
> src="" daddr=172.27.134.1 dest=40428 netif=eth0
> scontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:lib_t:s0 tclass=packet
then you shouldn't get any such denials.
So either you have a weird iptables configuration or you have a kernel
bug.
What kernel are you using?
--
Stephen Smalley
National Security Agency
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Home] [Fedora Users] [Fedora Legacy] [Fedora Desktop] [Fedora Bible] [Big List of Linux Books] [Yosemite Photos] [Yosemite News] [Yosemite Campsites] [KDE Users] [Gnome Users]
