Description of problem:
tcpdump is prohibited from writing files, and so the -w option doesn't work.

Version-Release number of selected component (if applicable):
tcpdump-3.8.2-3
policy-1.10.1-2

How reproducible:
100%

Steps to Reproduce:
1. setenforce 1
2. tcpdump -w file

Actual results:
For a file in /root, for instance:

audit(1081349723.141:0): avc: denied { search } for pid=30353 exe=/usr/sbin/tcpdump name=root dev=hda2 ino=3817473 scontext=root:sysadm_r:netutils_t tcontext=root:object_r:staff_home_dir_t tclass=dir

For a /tmp file:

audit(1081349706.640:0): avc: denied { search } for pid=30350 exe=/usr/sbin/tcpdump name=tmp dev=hda2 ino=4538369 scontext=root:sysadm_r:netutils_t tcontext=system_u:object_r:tmp_t tclass=dir

etc.
(Requires policy change.)
Requires macro-izing the domain and instantiating it for each user domain, e.g. $1_netutils_t, so that you can then allow it access to the appropriate set of types for that user domain, e.g. $1_tmp_t, $1_home_t, etc. Note that you will still need a base domain for use by initrc that won't have such accesses.
reassigned to policy
Allowing tcpdump to write to /tmp/, you need to run tcpdump as sysadm_r in the current policy, so no reason to allow it to run as
IIUC this is intended behaviour. Closing NOTABUG.
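
The two AVC denials quoted in the report can be reduced to the type-enforcement access that was refused. The following is an added example, not part of the original thread or of the policy package; the function names `parse_avc` and `summarize` are made up for illustration, and the output uses the usual `allow source target:class perms;` rule form only to show which domain-to-type access each denial corresponds to.

```python
import re
from collections import defaultdict

# The two denials quoted in the report above, copied verbatim.
REPORT_DENIALS = """\
audit(1081349723.141:0): avc: denied { search } for pid=30353 exe=/usr/sbin/tcpdump name=root dev=hda2 ino=3817473 scontext=root:sysadm_r:netutils_t tcontext=root:object_r:staff_home_dir_t tclass=dir
audit(1081349706.640:0): avc: denied { search } for pid=30350 exe=/usr/sbin/tcpdump name=tmp dev=hda2 ino=4538369 scontext=root:sysadm_r:netutils_t tcontext=system_u:object_r:tmp_t tclass=dir
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)"
)


def parse_avc(line):
    """Return the fields of one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
    try:
        # Contexts here are user:role:type; the type is what TE rules match on.
        source_type = fields["scontext"].split(":")[2]
        target_type = fields["tcontext"].split(":")[2]
        tclass = fields["tclass"]
    except (KeyError, IndexError):
        return None  # truncated or malformed record
    return {"perms": m["perms"].split(), "source_type": source_type,
            "target_type": target_type, "tclass": tclass,
            "exe": fields.get("exe"), "name": fields.get("name")}


def summarize(log_text):
    """Group denials by (source type, target type, class) and render each group."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["perms"]:
            key = (rec["source_type"], rec["target_type"], rec["tclass"])
            grouped[key].update(rec["perms"])
    rules = []
    for (src, tgt, tclass), perms in sorted(grouped.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {perm_text};")
    return rules


if __name__ == "__main__":
    for rule in summarize(REPORT_DENIALS):
        print(rule)
```

Both denials share the source type netutils_t, the single domain that the comment above proposes splitting into per-user $1_netutils_t domains.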