Displaying 5 results from an estimated 5 matches for "rawip_socket".

2008 Mar 03
1
Unable open raw socket in CentOS 5 - SE Linux and kernel capability interaction?
...t; type ld_so_t; type ld_so_cache_t; type usr_t; type devpts_t; type rawsox_t; type etc_t; class lnk_file read; class dir search; class file { read getattr execute }; class chr_file { read write getattr }; class rawip_socket create; class capability net_raw; } #============= rawsox_t ============== allow rawsox_t devpts_t:chr_file { read write getattr }; allow rawsox_t etc_t:dir search; allow rawsox_t ld_so_cache_t:file { read getattr }; allow rawsox_t ld_so_t:file read; allow rawsox_t lib_t:dir search; allow rawsox_...
2014 Oct 25
1
Centos 6.5 - Fping - SE Linux - Missing type enforcement (TE) allow rule
...g saying that the rules already exist! Which does make sense since I had to allow those particular functions for the MySQL connection to function properly. --------------- .te file : "module fping-httpd 1.0; require { type httpd_t; class capability net_raw; class rawip_socket create; } #============= httpd_t ============== #!!!! This avc is allowed in the current policy allow httpd_t self:capability net_raw; allow httpd_t self:rawip_socket create; " --------------- Is the "Missing type enforcement" related to all of this? I really don't want to di...
2015 Jan 19
2
CentOS-6.6 Fail2Ban and Postfix Selinux AVCs
I am seeing these in the log of one of our off-site NX hosts running CentOS-6.6. type=AVC msg=audit(1421683972.786:4372): avc: denied { create } for pid=22788 comm="iptables" scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=rawip_socket Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to generate a loadable module to allow this access. SELinux is preventing /sbin/iptables-multi-1.4.7 from search access on the directory . ***** Plugin catchall (100. confide...
2015 Jan 19
0
CentOS-6.6 Fail2Ban and Postfix Selinux AVCs
...am seeing these in the log of one of our off-site NX hosts running > CentOS-6.6. > > type=AVC msg=audit(1421683972.786:4372): avc: denied { create } for > pid=22788 comm="iptables" scontext=system_u:system_r:fail2ban_t:s0 > tcontext=system_u:system_r:fail2ban_t:s0 tclass=rawip_socket > Was caused by: > Missing type enforcement (TE) allow rule. > > You can use audit2allow to generate a loadable module > to allow this access. > > SELinux is preventing /sbin/iptables-multi-1.4.7 from search access on > the directory ....
2008 Mar 07
1
Unable open raw socket in CentOS 5 - SE Linux and kernel capability interaction?
...type usr_t; >> type devpts_t; >> type rawsox_t; >> type etc_t; >> class lnk_file read; >> class dir search; >> class file { read getattr execute }; >> class chr_file { read write getattr }; >> class rawip_socket create; >> class capability net_raw; >> } >> >> #============= rawsox_t ============== >> allow rawsox_t devpts_t:chr_file { read write getattr }; >> allow rawsox_t etc_t:dir search; >> allow rawsox_t ld_so_cache_t:file { read getattr }; >> allow...