[CentOS] Odd AVC from tcpdump

Robert Nichols

rnicholsNOSPAM at comcast.net
Sun Mar 2 20:18:12 UTC 2008


Whenever tcpdump fills a savefile to capacity (-C option) and tries to open
a new one, I get the following AVC denial:

kernel: audit(1204485464.409:106): avc:  denied  { search } for pid=2702 comm="tcpdump" name="/" dev=hdb1 ino=2 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir

Any suggestions as to the proper fix to make this work?  The target directory
for the savefiles has context system_u:object_r:netutils_tmp_t, and I get no
complaints about that directory or its files.  I have no idea what tcpdump
might be searching for in the root directory or, for that matter, why search
permission in a default_t directory should be denied.

System:  CentOS 5.1
selinux-policy-targeted-2.4.6-106.el5_1.3
kernel-2.6.18-53.1.13.el5
tcpdump-3.9.4-11.el5
-rwxr-xr-x  root root system_u:object_r:netutils_exec_t /usr/sbin/tcpdump

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.
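
Added example, not part of the original post: a small Python parser that splits the AVC record quoted above into its fields (source and target context, object class, permissions, and the comm/name/dev/ino of the object involved). The function names are assumptions made for this illustration; the sample line is the post's own denial joined onto one line.

```python
import re

# The denial quoted in the post, joined onto one line.
SAMPLE = ('kernel: audit(1204485464.409:106): avc:  denied  { search } for '
          'pid=2702 comm="tcpdump" name="/" dev=hdb1 ino=2 '
          'scontext=system_u:system_r:netutils_t:s0 '
          'tcontext=system_u:object_r:default_t:s0 tclass=dir')

AVC_RE = re.compile(
    r'audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\):\s+avc:\s+'
    r'(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"


def split_context(ctx):
    """Split user:role:type[:level]; an MLS/MCS level may itself contain ':'."""
    parts = ctx.split(':', 3)
    if len(parts) < 3:
        raise ValueError(f'not an SELinux context: {ctx!r}')
    return dict(zip(('user', 'role', 'type', 'level'), parts))


def parse_avc(line):
    """Return the AVC record as a dict, or None if the line is not an AVC message."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    missing = [k for k in ('scontext', 'tcontext', 'tclass') if k not in fields]
    if missing:
        raise ValueError(f'truncated AVC record, missing {missing}')
    return {
        'serial': int(m.group('serial')),
        'result': m.group('result'),
        'perms': m.group('perms').split(),
        'source': split_context(fields['scontext']),
        'target': split_context(fields['tcontext']),
        'tclass': fields['tclass'],
        'object': {k: fields.get(k) for k in ('comm', 'name', 'dev', 'ino')},
    }


def summarize(avc):
    """One line: which domain was refused which permission on which type and class."""
    obj = ' '.join(f'{k}={v}' for k, v in avc['object'].items() if v is not None)
    return (f"{avc['source']['type']} {avc['result']} {{ {' '.join(avc['perms'])} }} "
            f"on {avc['target']['type']}:{avc['tclass']} ({obj})")


if __name__ == '__main__':
    print(summarize(parse_avc(SAMPLE)))
```

A record that a mail client or log viewer has wrapped in the middle of a key (for example `t` / `context=`) is rejected with `ValueError` rather than parsed with a missing target context.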
