Joe Orton wrote:
On Mon, Feb 07, 2005 at 09:54:04AM +0200, Fred New wrote:
I am getting the following message once a week on a standard FC3 system. Is this one of those denials that shouldn't be audited?:
Feb 6 04:02:26 nimeta01 kernel: audit(1107655346.258:0): avc: denied
{ ioctl } for pid=3587 exe=/usr/sbin/httpd
path=/var/log/httpd/error_log.1 dev=hda3 ino=1174805
scontext=user_u:system_r:httpd_t tcontext=root:object_r:httpd_runtime_t
tclass=file
I've also seen this a few times on my FC3 test box too now, it triggers on logrotate runs when the server is restarted.
Do you have mod_perl installed? I believe it's Perl which does random ioctl calls on fd's 0-3, I don't know why, but it should probably marked as "dontaudit".
joe
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
Added dontaudit for 1.17.30-2.83
