Displaying 5 results from an estimated 5 matches for "rawip_socket".
2008 Mar 03
1
Unable open raw socket in CentOS 5 - SE Linux and kernel capability interaction?
...t;
type ld_so_t;
type ld_so_cache_t;
type usr_t;
type devpts_t;
type rawsox_t;
type etc_t;
class lnk_file read;
class dir search;
class file { read getattr execute };
class chr_file { read write getattr };
class rawip_socket create;
class capability net_raw;
}
#============= rawsox_t ==============
allow rawsox_t devpts_t:chr_file { read write getattr };
allow rawsox_t etc_t:dir search;
allow rawsox_t ld_so_cache_t:file { read getattr };
allow rawsox_t ld_so_t:file read;
allow rawsox_t lib_t:dir search;
allow rawsox_...
2014 Oct 25
1
Centos 6.5 - Fping - SE Linux - Missing type enforcement (TE) allow rule
...g saying that the rules already exists! Which does make
sense since I had to allow those particular functions for the MySQL
connection to function properly.
---------------
.te file :
"module fping-httpd 1.0;
require {
type httpd_t;
class capability net_raw;
class rawip_socket create;
}
#============= httpd_t ==============
#!!!! This avc is allowed in the current policy
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket create;
"
---------------
Is the "Missing type enforcement" related to all of this? I really don't
want to di...
2015 Jan 19
2
CentOS-6.6 Fail2Ban and Postfix Selinux AVCs
I am seeing these in the log of one of our off-site NX hosts running
CentOS-6.6.
type=AVC msg=audit(1421683972.786:4372): avc: denied { create } for
pid=22788 comm="iptables" scontext=system_u:system_r:fail2ban_t:s0
tcontext=system_u:system_r:fail2ban_t:s0 tclass=rawip_socket
Was caused by:
Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module
to allow this access.
SELinux is preventing /sbin/iptables-multi-1.4.7 from search access on
the directory .
***** Plugin catchall (100. confide...
2015 Jan 19
0
CentOS-6.6 Fail2Ban and Postfix Selinux AVCs
...am seeing these in the log of one of our off-site NX hosts running
> CentOS-6.6.
>
> type=AVC msg=audit(1421683972.786:4372): avc: denied { create } for
> pid=22788 comm="iptables" scontext=system_u:system_r:fail2ban_t:s0
> tcontext=system_u:system_r:fail2ban_t:s0 tclass=rawip_socket
> Was caused by:
> Missing type enforcement (TE) allow rule.
>
> You can use audit2allow to generate a loadable module
> to allow this access.
>
> SELinux is preventing /sbin/iptables-multi-1.4.7 from search access on
> the directory ....
2008 Mar 07
1
Unable open raw socket in CentOS 5 - SE Linux and kernel capability interaction?
...type usr_t;
>> type devpts_t;
>> type rawsox_t;
>> type etc_t;
>> class lnk_file read;
>> class dir search;
>> class file { read getattr execute };
>> class chr_file { read write getattr };
>> class rawip_socket create;
>> class capability net_raw;
>> }
>>
>> #============= rawsox_t ==============
>> allow rawsox_t devpts_t:chr_file { read write getattr };
>> allow rawsox_t etc_t:dir search;
>> allow rawsox_t ld_so_cache_t:file { read getattr };
>> allow...