BUG: looks like net contexts is being ignored

BUG: looks like net contexts is being ignored

[Luke Kenneth Casson Leighton]

i'm using cvs linux2.6 from 2 weeks ago.
latest cvs policy, tools and libs selinux-usr.

the bug is that any tcp or udp port access by any program appears to be
attempted as reserved_port_t.

e.g:

denied { name_bind } for /sbin/dhclient
scontext=system_u:system_r:dhcpc_t
tcontext=system_u_object_r:reserved_port_t tclass=udp_socket
  
  and

denied { name_bind } for /usr/sbin/sshd src=22
scontext=system_u:system_r:sshd_t
tcontext=system_u_object_r:reserved_port_t tclass=tcp_socket

zero modifications to net_contexts have been made.

okay i admit it i made some mods to fs/proc/base.c to split up a
function in order use 98% of that function somewhere else.

also i reduced autofs4's NEGATIVE_TIMEOUT from 60 seconds to 5.

nothing significant or what i would call relevant.

l.

-- 
--
Truth, honesty and respect are rare commodities that all spring from
the same well: Love.  If you love yourself and everyone and everything
around you, funnily and coincidentally enough, life gets a lot better.
--
<a href="http://lkcl.net">      lkcl.net      </a> <br />
<a href="mailto:lkcl@lkcl.net"> lkcl@lkcl.net </a> <br />


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: BUG: looks like net contexts is being ignored

[Stephen Smalley]

On Sun, 2004-09-26 at 17:46, Luke Kenneth Casson Leighton wrote:
> i'm using cvs linux2.6 from 2 weeks ago.
> latest cvs policy, tools and libs selinux-usr.
> 
> the bug is that any tcp or udp port access by any program appears to be
> attempted as reserved_port_t.

Using the latest checkpolicy from cvs?

-- 
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: BUG: looks like net contexts is being ignored

[Luke Kenneth Casson Leighton]

On Mon, Oct 04, 2004 at 11:46:04AM -0400, Stephen Smalley wrote:
> On Sun, 2004-09-26 at 17:46, Luke Kenneth Casson Leighton wrote:
> > i'm using cvs linux2.6 from 2 weeks ago.
> > latest cvs policy, tools and libs selinux-usr.
> > 
> > the bug is that any tcp or udp port access by any program appears to be
> > attempted as reserved_port_t.
> 
> Using the latest checkpolicy from cvs?
 
 as of last week at the time of writing, yes.  hi stephen, you're back
 then?


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.