Whenever tcpdump fills a savefile to capacity (-C option) and tries to open
a new one, I get the following AVC denial:
kernel: audit(1204485464.409:106): avc: denied { search } for
pid=2702 comm="tcpdump" name="/" dev=hdb1 ino=2
scontext=system_u:system_r:netutils_t:s0
tcontext=system_u:object_r:default_t:s0 tclass=dir
Any suggestions as to the proper fix to make this work? The target directory
for the savefiles has context system_u:object_r:netutils_tmp_t, and I get no
complaints about that directory or its files. I have no idea what tcpdump
might be searching for in the root directory or, for that matter, why search
permission in a default_t directory should be denied.
System: CentOS 5.1
selinux-policy-targeted-2.4.6-106.el5_1.3
kernel-2.6.18-53.1.13.el5
tcpdump-3.9.4-11.el5
-rwxr-xr-x root root system_u:object_r:netutils_exec_t /usr/sbin/tcpdump
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.