On Wednesday 06 April 2005 06:13, "Hongwei Li" <hongwei@xxxxxxxxx> wrote:
> I just found that my fc3 system log shows many, many entries like below:
>
> Apr 5 14:50:42 morpheus kernel: audit(1112730642.889:0): avc: denied {
> ioctl } for pid=32509 exe=/usr/bin/perl path=/proc/loadavg dev=proc
> ino=-268435456 scontext=user_u:system_r:httpd_sys_script_t
> tcontext=system_u:object_r:proc_t tclass=file
To get an ioctl message there must already be read or write access granted.
In that case adding ioctl as well won't do any harm, so just add the
following to your policy source and load the new policy:
allow httpd_sys_script_t:proc_t:file ioctl;
We'll need to add that for FC4.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
