Package: iptables
Version: 1.4.21-2+b1
Severity: normal

type=AVC msg=audit(1443760532.924:27): avc: denied { read write } for pid=273 comm="modprobe" path="socket:[8859]" dev="sockfs" ino=8859 scontext=system_u:system_r:insmod_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=unix_stream_socket permissive=0

When booting an SE Linux system in the "strict" configuration, the above error is logged on boot. iptables needs to either close the file handle for the Unix domain socket before executing modprobe or set it to close on exec.

While this is mostly a cosmetic error, it has the potential for unexpected behavior on a non-SE system if modprobe were to try to access that file handle.

-- System Information:
Debian Release: 8.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.2.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages iptables depends on:
ii  libc6          2.19-18+deb8u1
ii  libnfnetlink0  1.0.1-3
ii  libxtables10   1.4.21-2+b1

iptables recommends no packages.

iptables suggests no packages.

-- no debconf information
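
The descriptor inheritance described in this report can be reproduced in isolation. The following is an added example, not code from iptables or from the reporter: it opens a Unix stream socket, execs a child, and reports whether the child still holds the socket, with and without FD_CLOEXEC. The function name, the use of /bin/sh as a stand-in for modprobe, and descriptor number 9 are assumptions made for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed probe descriptor: single digit so any POSIX sh can name it.
 * The shell command below hardcodes the same number. */
#define PROBE_FD 9

/* Returns 1 if the socket is still open in the exec'd child, 0 if it was
 * closed by exec, -1 on error. /bin/sh stands in for modprobe (assumption). */
int socket_leaks_across_exec(int set_cloexec)
{
    int s = socket(AF_UNIX, SOCK_STREAM, 0);
    if (s < 0)
        return -1;
    /* Pin the socket to a known descriptor number for the probe. */
    if (s != PROBE_FD) {
        if (dup2(s, PROBE_FD) < 0) { close(s); return -1; }
        close(s);
    }
    /* The fix requested in the report: mark the descriptor close-on-exec. */
    if (set_cloexec && fcntl(PROBE_FD, F_SETFD, FD_CLOEXEC) < 0) {
        close(PROBE_FD);
        return -1;
    }
    pid_t pid = fork();
    if (pid < 0) { close(PROBE_FD); return -1; }
    if (pid == 0) {
        /* Redirecting from fd 9 fails if exec closed the descriptor. */
        execl("/bin/sh", "sh", "-c", "true 2>/dev/null <&9", (char *)NULL);
        _exit(127); /* exec itself failed */
    }
    close(PROBE_FD);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) ||
        WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("inherited without FD_CLOEXEC: %d\n", socket_leaks_across_exec(0));
    printf("inherited with FD_CLOEXEC:    %d\n", socket_leaks_across_exec(1));
    return 0;
}
```

On Linux the flag can also be set atomically at creation time by passing SOCK_CLOEXEC in the type argument of socket(), which avoids the window between socket() and fcntl() in a multi-threaded program.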