On Wed, 4 Oct 2006, Evgeniy Polyakov wrote:
> Linux kano 2.6.18 #5 SMP Mon Oct 2 18:44:30 MSD 2006 i686 i686 i386 GNU/Linux
> [EMAIL PROTECTED] ~]# rpm -q selinux-policy-targeted
> selinux-policy-targeted-2.3.17-2
>
> I get only these messages in audit.log when remote racoon tries to
> connect to system with selinux enabled in enforcing mode:
>
I think the policy has just not been written for racoon, and it's being
denied by default (cc'd Dan Walsh).

> type=AVC msg=audit(1159938297.845:625): avc: denied { polmatch } for
> scontext=system_u:object_r:unlabeled_t:s0
> tcontext=root:system_r:unconfined_t:s0-s0:c0.c255 tclass=association
> type=AVC msg=audit(1159938297.845:626): avc: denied { polmatch } for
> scontext=system_u:object_r:unlabeled_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=association
> type=AVC msg=audit(1159938307.837:627): avc: denied { polmatch } for
> scontext=system_u:object_r:unlabeled_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=association
> type=AVC msg=audit(1159938317.838:628): avc: denied { polmatch } for
> scontext=system_u:object_r:unlabeled_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=association
> type=AVC msg=audit(1159938327.839:629): avc: denied { polmatch } for
> scontext=system_u:object_r:unlabeled_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=association
>
> It is with your patch applied.
> Should I try Venkat's, or is it an unrelated problem?
>
> > --
> > James Morris
> > <[EMAIL PROTECTED]>
>
>
--
James Morris
<[EMAIL PROTECTED]>