Bug 182071
| Summary: | ping not allowed to use nscd | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Ulrich Drepper <drepper> |
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED RAWHIDE | Severity: | medium |
| Priority: | medium | Version: | rawhide |
| Hardware: | All | OS: | Linux |
| Doc Type: | Bug Fix | Last Closed: | 2006-05-09 19:15:06 UTC |

Description
Ulrich Drepper
2006-02-20 06:14:14 UTC
I pasted the wrong audit message:

```
type=AVC msg=audit(1140416531.597:35201): avc: denied { name_connect } for pid=25810 comm="ping" dest=111 scontext=user_u:system_r:ping_t:s0-s0:c0.c255 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1140416531.597:35201): arch=c000003e syscall=42 success=no exit=-13 a0=4 a1=7fffffd87b00 a2=10 a3=3 items=0 pid=25810 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="ping" exe="/bin/ping"
type=SOCKADDR msg=audit(1140416531.597:35201): saddr=0200006F7F000001301F675555550000
type=AVC msg=audit(1140416531.597:35202): avc: denied { name_bind } for pid=25810 comm="ping" src=970 scontext=user_u:system_r:ping_t:s0-s0:c0.c255 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1140416531.597:35202): arch=c000003e syscall=49 success=no exit=-13 a0=4 a1=7fffffd878a0 a2=10 a3=3 items=0 pid=25810 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="ping" exe="/bin/ping"
type=SOCKADDR msg=audit(1140416531.597:35202): saddr=020003CA000000000000000000000000
type=AVC msg=audit(1140416531.597:35203): avc: denied { name_connect } for pid=25810 comm="ping" dest=111 scontext=user_u:system_r:ping_t:s0-s0:c0.c255 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1140416531.597:35203): arch=c000003e syscall=42 success=no exit=-13 a0=4 a1=7fffffd87b00 a2=10 a3=3 items=0 pid=25810 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="ping" exe="/bin/ping"
type=SOCKADDR msg=audit(1140416531.597:35203): saddr=0200006F7F000001301F675555550000
type=AVC msg=audit(1140416531.597:35204): avc: denied { name_connect } for pid=25810 comm="ping" dest=111 scontext=user_u:system_r:ping_t:s0-s0:c0.c255 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1140416531.597:35204): arch=c000003e syscall=42 success=no exit=-13 a0=4 a1=7fffffd87b30 a2=10 a3=0 items=0 pid=25810 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="ping" exe="/bin/ping"
type=SOCKADDR msg=audit(1140416531.597:35204): saddr=0200006F7F000001CAA44921952B0000
type=AVC msg=audit(1140416531.597:35205): avc: denied { name_bind } for pid=25810 comm="ping" src=971 scontext=user_u:system_r:ping_t:s0-s0:c0.c255 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1140416531.597:35205): arch=c000003e syscall=49 success=no exit=-13 a0=4 a1=7fffffd878d0 a2=10 a3=3 items=0 pid=25810 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="ping" exe="/bin/ping"
type=SOCKADDR msg=audit(1140416531.597:35205): saddr=020003CB000000000000000000000000
type=AVC msg=audit(1140416531.597:35206): avc: denied { name_connect } for pid=25810 comm="ping" dest=111 scontext=user_u:system_r:ping_t:s0-s0:c0.c255 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1140416531.597:35206): arch=c000003e syscall=42 success=no exit=-13 a0=4 a1=7fffffd87b30 a2=10 a3=3 items=0 pid=25810 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="ping" exe="/bin/ping"
type=SOCKADDR msg=audit(1140416531.597:35206): saddr=0200006F7F000001CAA44921952B0000
```

Do you have ypbind running on your machine? If so, is the allow_ypbind boolean turned on?

Yes, I'm using ypbind and /selinux/boolean/allow_ypbind contains 0 0. But it's also nscd I worry about:

```
fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 EACCES (Permission denied)
```

nscd access is also not allowed.

Fixed in rawhide.
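
Reading the denials in this report means joining the AVC, SYSCALL and SOCKADDR records that share one audit serial number and decoding the hex `saddr` field. The following Python is an added example, not part of the original bug thread or of any audit tool; the names `decode_saddr` and `correlate` are hypothetical, and the sample input is events 35201 and 35202 from the report with the SYSCALL lines trimmed to the fields used.

```python
import re
import socket
import struct
from collections import defaultdict

# Events 35201 and 35202 from the report above; SYSCALL lines trimmed to the fields used here.
SAMPLE = """\
type=AVC msg=audit(1140416531.597:35201): avc: denied { name_connect } for pid=25810 comm="ping" dest=111 scontext=user_u:system_r:ping_t:s0-s0:c0.c255 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1140416531.597:35201): arch=c000003e syscall=42 success=no exit=-13 comm="ping" exe="/bin/ping"
type=SOCKADDR msg=audit(1140416531.597:35201): saddr=0200006F7F000001301F675555550000
type=AVC msg=audit(1140416531.597:35202): avc: denied { name_bind } for pid=25810 comm="ping" src=970 scontext=user_u:system_r:ping_t:s0-s0:c0.c255 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1140416531.597:35202): arch=c000003e syscall=49 success=no exit=-13 comm="ping" exe="/bin/ping"
type=SOCKADDR msg=audit(1140416531.597:35202): saddr=020003CA000000000000000000000000
"""

HEADER = re.compile(r"type=(\w+) msg=audit\(\d+\.\d+:(\d+)\): (.*)")
AVC = re.compile(r"denied\s+\{ ([^}]+) \}.*scontext=(\S+) tcontext=(\S+) tclass=(\S+)")
SYSCALLS_X86_64 = {42: "connect", 49: "bind"}  # only the two numbers seen in the report

def decode_saddr(hexstr):
    """Decode a SOCKADDR record's saddr field (raw struct sockaddr bytes)."""
    raw = bytes.fromhex(hexstr)
    family = struct.unpack_from("<H", raw)[0]  # sa_family is host-endian (x86_64: little)
    if family != socket.AF_INET or len(raw) < 8:
        return (family, None, None)
    port = struct.unpack_from("!H", raw, 2)[0]  # sin_port is network byte order
    return ("AF_INET", socket.inet_ntoa(raw[4:8]), port)  # bytes 8..15 are sin_zero padding

def correlate(text):
    """Group AVC, SYSCALL and SOCKADDR records by audit serial number."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, serial, body = m.groups()
        ev = events[int(serial)]
        if rtype == "AVC" and (a := AVC.search(body)):
            # The SELinux type is the third colon-separated field of a context.
            ev.update(perm=a.group(1), source=a.group(2).split(":")[2],
                      target=a.group(3).split(":")[2], tclass=a.group(4))
        elif rtype == "SYSCALL":
            num = int(re.search(r"syscall=(\d+)", body).group(1))
            ev.update(syscall=SYSCALLS_X86_64.get(num, str(num)),
                      exit=int(re.search(r"exit=(-?\d+)", body).group(1)))
        elif rtype == "SOCKADDR":
            ev["addr"] = decode_saddr(re.search(r"saddr=([0-9A-Fa-f]+)", body).group(1))
    return dict(events)
```

For the two sample events, `correlate(SAMPLE)` reports a denied `connect` from `ping_t` to 127.0.0.1 port 111 (`portmap_port_t`) and a denied `bind` to port 970 (`reserved_port_t`), each failing with exit -13 (EACCES).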