On Thu, 2005-04-21 at 10:02 -0700, Ben wrote: > I'm seeing avc errors, and it's pretty unclear to me what's causing them. > What's being complained about, here? > > 1 Time(s): audit(1113980474.264:0): avc: denied { search } for pid=7148 > exe=/bin/bash name=log dev=md0 ino=3260417 > scontext=root:system_r:httpd_sys_script_t > tcontext=system_u:object_r:var_log_t tclass=dir > > > I would guess that some script is trying to list a log directory on > /dev/md0, but that's about all I can guess from this and it doesn't help > me track it down to a useful level anyway. Not list, just perform a lookup, e.g a CGI script is attempting to access something under /var/log (requiring search access to the log directory), and this is denied in the policy. Note that you can sometimes get more information by enabling system call auditing, e.g. use auditctl -e 1 or boot your kernel with audit=1; the audit framework will then output a separate syscall audit record upon syscall exit after any such avc messages with the relevant syscall and arguments. Likely your script wants to append to log files under /var/log/httpd. Looks like the current policy allows httpd itself to do this, but not CGI scripts. -- Stephen Smalley <sds@xxxxxxxxxxxxx> National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list