On Mon, Dec 18, 2006 at 06:52:47PM -0600, Loulwa Salem wrote:
> Hi,
> I am writing a testcase that uses netcat (nc) as part of my cipso testing. 
> I ran into a slight problem when in Enforcing mode.
> user_r, sysadm_r, or secadm_r can't execute nc ... below are the AVC 
> records I was seeing and the policy I used to fix it.
> 
> type=AVC msg=audit(1166479344.923:3782): avc:  denied  { name_bind } for 
> pid=31873 comm="nc" src=3333 
> scontext=root:secadm_r:secadm_t:s0-s15:c0.c1023 
> tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
> 

More precisely, users can execute nc, but don't have permission to
actually use TCP ports. This breaks all networking by user apps that
don't have specific policy. This needs to be fixed...

-Klaus

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
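
The distinction drawn in the reply (nc runs, but the bind to a TCP port is refused) can be read straight off the AVC record. The following is an added example, not part of the original thread: it parses the record quoted above and reports which operation was blocked. The function names and the mechanically derived rule are illustrative assumptions; the rule is not the policy the original poster used.

```python
import re

# The AVC record quoted in the message above, rejoined onto one line.
SAMPLE = ('type=AVC msg=audit(1166479344.923:3782): avc:  denied  { name_bind } for '
          'pid=31873 comm="nc" src=3333 '
          'scontext=root:secadm_r:secadm_t:s0-s15:c0.c1023 '
          'tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket')

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')

def parse_avc(line):
    """Return the fields of one AVC record as a dict, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {'result': m.group(1), 'perms': m.group(2).split()}
    for key, val in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(3)):
        rec[key] = val.strip('"')
    # A context is user:role:type[:mls-range]; the MLS range may itself
    # contain ':' (s0-s15:c0.c1023), so split at most three times.
    for side in ('scontext', 'tcontext'):
        _user, _role, typ, *_mls = rec[side].split(':', 3)
        rec[side[0] + 'type'] = typ          # stores 'stype' / 'ttype'
    return rec

def describe(rec):
    """Name the blocked operation; a port bind is not an execute denial."""
    if rec['tclass'] == 'file' and 'execute' in rec['perms']:
        return 'execute'
    if rec['tclass'] in ('tcp_socket', 'udp_socket') and 'name_bind' in rec['perms']:
        return 'bind port %s (%s)' % (rec['src'], rec['ttype'])
    return 'other'

def te_rule(rec):
    """Mechanically derived type-enforcement rule, for review before any use."""
    return 'allow %s %s:%s { %s };' % (
        rec['stype'], rec['ttype'], rec['tclass'], ' '.join(rec['perms']))

if __name__ == '__main__':
    r = parse_avc(SAMPLE)
    print(r['comm'], 'in', r['stype'], '->', describe(r))
    print(te_rule(r))
```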
