ipv6 tunnel problem.

ipv6 tunnel problem.

[Kurt Roeckx]

I'm not exactly sure what causes it, but I got those 2 messages a
few times so far:

avc:  denied  { rawip_send } for  pid=3789
exe=/usr/local/ircd/sbin/ircd saddr=x.x.x.x
daddr=y.y.y.y netif=eth0
scontext=system_u:object_r:unlabeled_t
tcontext=system_u:object_r:netif_eth0_t tclass=netif

avc:  denied  { rawip_send } for  saddr=x.x.x.x
daddr=y.y.y.y netif=eth0
scontext=system_u:object_r:unlabeled_t
tcontext=system_u:object_r:netif_eth0_t tclass=netif

x.x.x.x is the local ipv4 address, and y.y.y.y is the ipv4
endpoint of my ipv6 (sit) tunnel.


Kurt


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: ipv6 tunnel problem.

[Stephen Smalley]

On Sat, 2003-04-05 at 18:28, Kurt Roeckx wrote:
> I'm not exactly sure what causes it, but I got those 2 messages a
> few times so far:
> 
> avc:  denied  { rawip_send } for  pid=3789
> exe=/usr/local/ircd/sbin/ircd saddr=x.x.x.x
> daddr=y.y.y.y netif=eth0
> scontext=system_u:object_r:unlabeled_t
> tcontext=system_u:object_r:netif_eth0_t tclass=netif
> 
> avc:  denied  { rawip_send } for  saddr=x.x.x.x
> daddr=y.y.y.y netif=eth0
> scontext=system_u:object_r:unlabeled_t
> tcontext=system_u:object_r:netif_eth0_t tclass=netif
> 
> x.x.x.x is the local ipv4 address, and y.y.y.y is the ipv4
> endpoint of my ipv6 (sit) tunnel.

The LSM patch does not presently include hooks for IPv6, so some of the
SELinux processing won't be applied to IPv6.  If you aren't actually
using the SELinux networking functionality, you might want to just
disable CONFIG_SECURITY_NETWORK to omit it.



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.