Summary: | tcpdump requires additional SELinux privileges | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Amadeusz Sławiński <amade> |
Component: | SELinux | Assignee: | Sven Vermeulen (RETIRED) <swift> |
Status: | VERIFIED FIXED | ||
Severity: | normal | CC: | selinux |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | sec-policy r8 | ||
Package list: | Runtime testing required: | --- |
Description
Amadeusz Sławiński
2012-11-17 13:08:18 UTC
Seems to work with dac_read_search as well (without dac_override). dac_override is more global than dac_read_search, and it requires the search privs only afaik. dac_override is checked first, then dac_read_search, so I guess we can even dontaudit the dac_override requests. Okay, is in (live ebuilds ok, will be in rev 8) r8 in hardened-dev overlay r8 is now in main tree, ~arch r8 is now stable |