From: Stefan Schulze Frielinghaus <stefan_at_sf-net.com>
Date: Tue, 22 May 2007 20:22:09 +0200

Hello,

periodically I receive the following AVC denial:

audit(1179815459.477:213): avc:  denied  { rawip_send } for   
saddr=fe80:0000:0000:0000:0211:d8ff:feea:XXXX  
daddr=fe80:0000:0000:0000:0211:24ff:fee1:YYYY netif=eth0  

scontext=system_u:system_r:kernel_t:s15:c0.c255 tcontext=system_u:object_r:link_local_node_t:s0 tclass=node

My local rule-set:

allow kernel_t link_local_node_t:node rawip_send; # another AVC denial which often raises up allow kernel_t compat_ipv4_node_t:node rawip_send;

The rules seem to be ignored. Every day I receive some of the mentioned AVC denials despite the fact that the TE rules are loaded. Is this a known problem with IPv6 traffic in LANs? Is there even a solution out?

Best regards,
Stefan

PS: I'm using Debian (etch) with refpolicy-20061212.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Received on Tue 22 May 2007 - 14:22:06 EDT