Very odd: /proc/sys/net/ipv6/conf/all/disable

Discussion:

Very odd: /proc/sys/net/ipv6/conf/all/disable_ipv6

mark

2018-08-27 14:39:39 UTC

CentOS 7.5, and on one system, I'm getting:
setroubleshoot: SELinux is preventing /usr/sbin/sendmail.sendmail from
read access on the file disable_ipv6

ll -Z shows
-rw-r--r--. root root system_u:object_r:sysctl_net_t:s0
/proc/sys/net/ipv6/conf/all/disable_ipv6

I find this peculiar. Anyone have a resolution, or is this a bug?

mark
_______________________________________________
selinux mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to selinux-***@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.

justina colmena

2018-08-27 15:57:11 UTC

Permalink

Post by mark
setroubleshoot: SELinux is preventing /usr/sbin/sendmail.sendmail from
read access on the file disable_ipv6
ll -Z shows
-rw-r--r--. root root system_u:object_r:sysctl_net_t:s0
/proc/sys/net/ipv6/conf/all/disable_ipv6
I find this peculiar. Anyone have a resolution, or is this a bug?
mark
_______________________________________________
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

So do you consider IPv6 to be a feature or a bug?

Are IPv4 addresses considered as real estate, and the owners thereof are concerned that their market value might fall if people start using IPv6?

--
https://www.colmena.biz/~justina/contacto.php
_______________________________________________
selinux mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to selinux-***@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinu

mark

2018-08-27 19:24:32 UTC

Permalink

Post by justina colmena

So do you consider IPv6 to be a feature or a bug?
Are IPv4 addresses considered as real estate, and the owners thereof are
concerned that their market value might fall if people start using IPv6?

Nah, we use both, and we do have a reasonable supply of IPv4, given I work
for a US federal contractor (civilian sector).

mark
_______________________________________________
selinux mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to selinux-***@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists

justina colmena

2018-08-27 19:53:55 UTC

Permalink

Post by mark

Post by justina colmena

So do you consider IPv6 to be a feature or a bug?
Are IPv4 addresses considered as real estate, and the owners thereof are
concerned that their market value might fall if people start using IPv6?

Nah, we use both, and we do have a reasonable supply of IPv4, given I work
for a US federal contractor (civilian sector).
mark

My experience working for federal contractors is very poor. It involved
a brush-clearing job at Camp Bonneville near Battle Ground, Washington,
which turned out to have been subcontracted from a prime contractor who
had been hired by the Army to clean up unexploded ordnance and make
improvements to the real property of the aforementioned Camp in order to
turn it into a county park.

The Washington State Department of Labor and Industries balked at
underwriting workers' compensation for the hazard of unexploded
ordnance, and I heard a rumor that at least one colonel and some other
officials from the Army were given dishonorable discharges for
improperly disbursing federal funds in excess of $5,000 to a contractor
who was not properly bonded for the job under the Miller Act. The
contractors were hauled into civilian federal court. White shirt,
business suit, and black tie or orange jumpsuit and chains, I have no idea.

My employer never got paid for the job, and some of those dishonorable
colonels burned down our office as well as the neighbor's barn, and the
Society of Actuaries was making noise about too many fires in town that
year.Â You can call it a "civilian sector" but that's arguable once they
start having a court-martial.

The IPv6 is somewhat a federal mandate, especially for anything that
involves the Department of Defense, isn't it? I use it all the time
myself, and there are a lot of roadblocks in the way of things working
correctly. The military, especially the Army, is notorious for
bureaucracy and red tape.

Michael Bunk

2018-08-28 06:44:42 UTC

Permalink

Though the combination sounds alarming, this is probably only a file
descriptor left open by whatever program called sendmail. That program
should either close the file disable_ipv6 after use or set the
CLOSE_ON_EXEC flag in the file descriptor.

If you search for it, there are many such cases, even bug reports for
CentOS-7:

https://bugs.centos.org/view.php?id=12396

But no solution yet.

Which program calls sendmail in your case?

Best regards
Michael

PS: Don't feed the trolls.
_______________________________________________
selinux mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to selinux-***@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/sel