AVC "module_request" seen for various services for module "net-pf-10"

Solution Verified - Updated -

Issue

  • The following AVC can be seen in the audit log for various services and processes, all being related to net-pf-10 kernel module

    type=PROCTITLE msg=... : proctitle=...
    type=SYSCALL msg=... : arch=x86_64 syscall=socket success=no exit=EAFNOSUPPORT(Address family not supported by protocol) a0=inet6 a1=SOCK_DGRAM a2=ip ...
    type=AVC msg=... : avc:  denied  { module_request } for  ... comm=unbound-anchor kmod="net-pf-10" scontext=system_u:system_r:named_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=0 
    

    Here above, the service is unbound-anchor, but it may be some other process.

Environment

  • Red Hat Enterprise Linux 7 and later
    • SELinux
    • IPv6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content