Jason Dravet wrote:
While asp works, I get the following in my /var/log/messages
Mar 2 17:14:05 cisit6 kernel: audit(1109805245.364:0): avc: denied { read write } for pid=5516 exe=/opt/casp/tools/bin/linux2_i686/perl5/bin/perl name=1 dev=devpts ino=3 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:devpts_t tclass=chr_file Mar 2 17:14:05 cisit6 kernel: audit(1109805245.365:0): avc: denied { read write } for pid=5516 exe=/opt/casp/tools/bin/linux2_i686/perl5/bin/perl path=/dev/pts/1 dev=devpts ino=3 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:devpts_t tclass=chr_file Mar 2 17:14:05 cisit6 kernel: audit(1109805245.367:0): avc: denied { execute } for pid=5516 path=/usr/lib/locale/locale-archive dev=dm-0 ino=263488 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:locale_t tclass=file Mar 2 17:14:05 cisit6 kernel: audit(1109805245.368:0): avc: denied { execute } for pid=5516 path=/usr/lib/locale/en_US.utf8/LC_IDENTIFICATION dev=dm-0 ino=261166 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:locale_t tclass=file
What can I do to fix this? I have not had time to try a database connection yet. I am sure that will generate a few more avc messages.
Are you getting this in rawhide or in FC3?
Looks to me like you should be able to dontaudit these. Your httpd scripts are trying to access the tty devices, which they should not.
Why is it trying to execute locale stuff?
Thanks,
Jason Dravet
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
