Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListAVC: IPv6 problems
From: Stefan Schulze Frielinghaus <stefan_at_sf-net.com>
Date: Tue, 22 May 2007 20:22:09 +0200
periodically I receive the following AVC denial: audit(1179815459.477:213): avc: denied { rawip_send } for saddr=fe80:0000:0000:0000:0211:d8ff:feea:XXXX daddr=fe80:0000:0000:0000:0211:24ff:fee1:YYYY netif=eth0scontext=system_u:system_r:kernel_t:s15:c0.c255 tcontext=system_u:object_r:link_local_node_t:s0 tclass=node My local rule-set: allow kernel_t link_local_node_t:node rawip_send; # another AVC denial which often raises up allow kernel_t compat_ipv4_node_t:node rawip_send; The rules seem to be ignored. Every day I receive some of the mentioned AVC denials despite the fact that the TE rules are loaded. Is this a known problem with IPv6 traffic in LANs? Is there even a solution out?
Best regards,
PS: I'm using Debian (etch) with refpolicy-20061212. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Tue 22 May 2007 - 14:22:06 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |