Displaying 2 results from an estimated 2 matches for "netlink_route_socket".
2006 Sep 08
0
SELinux targeted + httpd + suexec
...cessity to
mount /var/www with -o suid.
Now I'm getting these 2 errors in /var/log/messages whenever I execute a
cgi:
%--------------------------
avc: denied { create } for pid=17995 comm="suexec"
scontext=root:system_r:httpd_suexec_t tcontext=root:system_r:httpd_suexec_t
tclass=netlink_route_socket
avc: denied { read } for pid=17995 comm="suexec" name="cert.pem" dev=dm-0
ino=520402 scontext=root:system_r:httpd_suexec_t
tcontext=system_u:object_r:usr_t tclass=lnk_file
%--------------------------
This is independent of the script being perl or sh, and despite the errors...
2015 Jul 09
3
C-6.6 - sshd_config chroot SELinux issues
...sshd /var/log/audit/audit.log | audit2allow
#============= chroot_user_t ==============
#!!!! This avc is allowed in the current policy
allow chroot_user_t admin_home_t:dir search;
#!!!! This avc is allowed in the current policy
allow chroot_user_t net_conf_t:file read;
allow chroot_user_t self:netlink_route_socket create;
allow chroot_user_t self:tcp_socket create;
allow chroot_user_t self:udp_socket create;
allow chroot_user_t user_devpts_t:chr_file open;
allow chroot_user_t user_home_t:chr_file { read write };
#!!!! This avc is allowed in the current policy
allow chroot_user_t xauth_exec_t:file getattr;...