Nicolas Iooss
|
d91d41b53a
|
ulogd: allow creating a netlink-netfilter socket
This is used to get the packets logged by the firewall.
I experienced this on a Debian system which uses nftables rules with the
"log" keyword:
type=AVC msg=audit(1565901600.257:348): avc: denied { create } for
pid=8586 comm="ulogd" scontext=system_u:system_r:ulogd_t
tcontext=system_u:system_r:ulogd_t tcla
ss=netlink_netfilter_socket permissive=1
type=AVC msg=audit(1565901103.154:327): avc: denied { read } for
pid=436 comm="ulogd" scontext=system_u:system_r:ulogd_t
tcontext=system_u:system_r:ulogd_t tclass=netlink_netfilter_socket
permissive=1
type=SYSCALL msg=audit(1565901103.154:327): arch=c000003e syscall=45
success=yes exit=148 a0=8 a1=7f651d19d010 a2=249f0 a3=0 items=0 ppid=1
pid=436 auid=4294967295 uid=111 gid=118 euid=111 suid=111 fsuid=111
egid=118 sgid=118 fsgid=118 tty=(none) ses=4294967295 comm="ulogd"
exe="/usr/sbin/ulogd" subj=system_u:system_r:ulogd_t key=(null)
type=PROCTITLE msg=audit(1565901103.154:327):
proctitle=2F7573722F7362696E2F756C6F6764002D2D6461656D6F6E002D2D75696400756C6F67002D2D70696466696C65002F72756E2F756C6F672F756C6F67642E706964
[ ... ]
type=AVC msg=audit(1565901600.241:338): avc: denied { write } for
pid=436 comm="ulogd" scontext=system_u:system_r:ulogd_t
tcontext=system_u:system_r:ulogd_t tclass=netlink_netfilter_socket
permissive=1
type=AVC msg=audit(1565901600.257:348): avc: denied { create } for
pid=8586 comm="ulogd" scontext=system_u:system_r:ulogd_t
tcontext=system_u:system_r:ulogd_t tclass=netlink_netfilter_socket
permissive=1
type=AVC msg=audit(1565901600.257:349): avc: denied { getattr } for
pid=8586 comm="ulogd" scontext=system_u:system_r:ulogd_t
tcontext=system_u:system_r:ulogd_t tclass=netlink_netfilter_socket
permissive=1
type=AVC msg=audit(1565901600.257:350): avc: denied { bind } for
pid=8586 comm="ulogd" scontext=system_u:system_r:ulogd_t
tcontext=system_u:system_r:ulogd_t tclass=netlink_netfilter_socket
permissive=1
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
|
2019-08-17 15:53:32 +02:00 |
Chris PeBenito
|
3ab07a0e1e
|
Move all files out of the old contrib directory.
|
2018-06-23 10:38:58 -04:00 |
Chris PeBenito
|
09248fa0db
|
Move modules to contrib submodule.
|
2011-09-09 10:10:03 -04:00 |
Chris PeBenito
|
826d014241
|
Bump module versions for release.
|
2010-12-13 09:12:22 -05:00 |
Chris PeBenito
|
e6e42cd4c9
|
Module version bump for ulogd.
|
2010-11-19 11:39:51 -05:00 |
Chris PeBenito
|
b9a562446d
|
Move all ulogd networking into the mysql and postgres optionals.
|
2010-11-19 11:39:36 -05:00 |
Jeremy Solt
|
a00839dcc1
|
ulogd patch from Dan Walsh
"communicates with mysql and postgres via the network"
|
2010-11-18 13:26:19 -05:00 |
Chris PeBenito
|
48f99a81c0
|
Whitespace change: drop unnecessary blank line at the start of .te files.
|
2010-06-10 08:16:35 -04:00 |
Chris PeBenito
|
9570b28801
|
module version number bump for release 2.20090730 that was mistakenly omitted.
|
2009-08-05 10:59:21 -04:00 |
Chris PeBenito
|
45515556d4
|
trunk: 10 patches from dan.
|
2009-06-12 19:44:10 +00:00 |
Chris PeBenito
|
a5ef553c2d
|
trunk: 5 modules from dan.
|
2009-04-20 19:03:15 +00:00 |