
[Bug 1332014] SELinux is preventing pmdalinux from using the 'net_admin'

To: pcp@xxxxxxxxxxx
Subject: [Bug 1332014] SELinux is preventing pmdalinux from using the 'net_admin' capabilities.
From: bugzilla@xxxxxxxxxx
Date: Wed, 04 May 2016 22:35:45 +0000
Auto-submitted: auto-generated
Delivered-to: pcp@xxxxxxxxxxx
In-reply-to: <bug-1332014-355098@xxxxxxxxxxxxxxxxxxx>
References: <bug-1332014-355098@xxxxxxxxxxxxxxxxxxx>
https://bugzilla.redhat.com/show_bug.cgi?id=1332014



--- Comment #4 from Nathan Scott <nathans@xxxxxxxxxx> ---
Hi Lukas,

pmdalinux may issue these ioctls ...

proc_net_dev.c:    if (!(ioctl(fd, SIOCGIFMTU, &ifr) < 0))
proc_net_dev.c:    if (!(ioctl(fd, SIOCGIFFLAGS, &ifr) < 0)) {
proc_net_dev.c:    if (!(ioctl(fd, SIOCETHTOOL, &ifr) < 0)) {
proc_net_dev.c:    } else if (!(ioctl(fd, SIOCGIWRATE, &iwreq) < 0)) {
proc_net_dev.c:    if (ioctl(fd, SIOCGIFADDR, &ifr) >= 0) {
proc_net_dev.c:    if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) {

... it uses these as a fallback only, if the same information cannot be
accessed via /sys/class/net/[IF]/* from the kernel.

The only other privilege-requiring operation in pmdalinux is setns(2).

cheers.
