[prev in list] [next in list] [prev in thread] [next in thread]
List: selinux
Subject: Re: racoon got dead due to permission lacking
From: Stephen Smalley <sds () tycho ! nsa ! gov>
Date: 2008-01-28 15:35:45
Message-ID: 1201534545.2823.11.camel () moss-spartans ! epoch ! ncsc ! mil
[Download RAW message or body]
On Mon, 2008-01-28 at 10:22 -0500, Paul Moore wrote:
> On Monday 28 January 2008 7:32:30 am Stephen Smalley wrote:
> > On Fri, 2008-01-25 at 14:17 -0500, Stephen Smalley wrote:
> > > On Fri, 2008-01-25 at 14:24 +0900, Kohei KaiGai wrote:
> > > > When I tested labeled ipsec, racoon got dead with the following
> > > > messages: (I added some line break for reader's confortable)
> > > >
> > > > | type=AVC msg=audit(1201052881.758:783): avc: denied { read }
> > > > | for pid=26854 comm="racoon" name="net" dev=proc
> > > > | ino=4026531867 scontext=root:system_r:racoon_t:s0
> > > > | tcontext=system_u:object_r:proc_t:s0 tclass=dir
> > >
> > > That one is a kernel bug (in 2.6.24). Should have a fix soon -
> > > patch is being reviewed.
> >
> > Fix upstreamed,
> > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=co
> >mmit;h=b1aa5301b9f88a4891061650c591fb8fe1c1
>
> This got pushed to -stable too, right?
James cc'd them on the git pull request. Haven't seen a reply yet.
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic