On Thu, 2007-02-08 at 10:35 +0000, Dan Track wrote:
> I enabled the auditctl and got the following in /var/log/messages
>
> Feb 8 10:26:51 jupiter kernel: audit(1170930411.956:2939): avc:
> denied { getattr } for pid=6992 comm="beltane_cp"
> name="TMPFILuB4KTI" dev=sda3 ino=147701
> scontext=root:system_r:httpd_sys_script_t
> tcontext=root:object_r:httpd_var_lib_t tclass=file
> Feb 8 10:26:51 jupiter kernel: audit(1170930411.956:2939):
> arch=40000003 syscall=196 success=no exit=-13 a0=bff6ab9d a1=bfed575c
> a2=8a9ff4 a3=bfed575c items=1 pid=6992 auid=4294967295 uid=48 gid=48
> euid=0 suid=0 fsuid=0 egid=48 sgid=48 fsgid=48 comm="beltane_cp"
> exe="/usr/local/bin/beltane_cp"
> Feb 8 10:26:51 jupiter kernel: audit(1170930411.956:2939):
> path="/var/lib/yule/profiles/TMPFILuB4KTI"
> Feb 8 10:26:51 jupiter kernel: audit(1170930411.956:2939):
> cwd="/opt/www/beltane/php"
> Feb 8 10:26:51 jupiter kernel: audit(1170930411.956:2939):
> name="/var/lib/yule/profiles/TMPFILuB4KTI" flags=0
> Feb 8 10:26:51 jupiter kernel: inode=147701 dev=08:03 mode=0100600
> ouid=48 ogid=48 rdev=00:00
>
> Hope this helps to figure out what is going on.

That shows the full path information for the access to
/var/lib/yule/profiles. Just need to select an appropriate type for
that directory that allows your script to write to it as is, like
httpd_sys_script_rw_t, and apply it to those files. In FC4 or earlier,
that would be something like:

    chcon -R -t httpd_sys_script_rw_t /var/lib/yule/profiles

But I was hoping to also see the audit information for the other denial
(the getsession one) - can you reproduce it with audit enabled? And
then when you get the output, take the first argument (a0) and check to
see what process it corresponds to.

--
Stephen Smalley
National Security Agency
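
Added example, not part of the original message or of any SELinux tool: a short Python sketch that groups kernel audit records by their shared audit(timestamp:serial) id, so the AVC denial, the syscall record and the full path can be read as one event. The function names (correlate, summarize) are hypothetical, and the sample input is constructed from the records quoted above, with each record joined onto one line.

```python
import re
from collections import defaultdict

# Constructed sample: records quoted in the message, each joined onto one line.
SAMPLE = """\
Feb 8 10:26:51 jupiter kernel: audit(1170930411.956:2939): avc: denied { getattr } for pid=6992 comm="beltane_cp" name="TMPFILuB4KTI" dev=sda3 ino=147701 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:httpd_var_lib_t tclass=file
Feb 8 10:26:51 jupiter kernel: audit(1170930411.956:2939): arch=40000003 syscall=196 success=no exit=-13 a0=bff6ab9d a1=bfed575c a2=8a9ff4 a3=bfed575c items=1 pid=6992 auid=4294967295 uid=48 gid=48 euid=0 suid=0 fsuid=0 egid=48 sgid=48 fsgid=48 comm="beltane_cp" exe="/usr/local/bin/beltane_cp"
Feb 8 10:26:51 jupiter kernel: audit(1170930411.956:2939): path="/var/lib/yule/profiles/TMPFILuB4KTI"
Feb 8 10:26:51 jupiter kernel: audit(1170930411.956:2939): cwd="/opt/www/beltane/php"
"""

EVENT = re.compile(r'audit\((\d+\.\d+:\d+)\):\s*(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')

def correlate(text):
    """Merge all records sharing one audit(timestamp:serial) id into a dict per event."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # lines without an audit() id cannot be tied to an event
        event_id, body = m.groups()
        rec = events[event_id]
        p = PERMS.search(body)
        if p:
            rec["denied"] = p.group(1).split()
        for key, val in FIELD.findall(body):
            # First record wins, so the AVC's short name= is not overwritten later.
            rec.setdefault(key, val.strip('"'))
    return dict(events)

def summarize(rec):
    """One line: which domain was denied what, on which full path and target type."""
    return "%s (%s, %s) denied {%s} on %s %s [%s]" % (
        rec.get("comm"), rec.get("exe"), rec.get("scontext"),
        " ".join(rec.get("denied", [])), rec.get("tclass"),
        rec.get("path", rec.get("name")), rec.get("tcontext"))

if __name__ == "__main__":
    for eid, rec in correlate(SAMPLE).items():
        print(eid, summarize(rec))
```

The merged record also keeps the syscall arguments (a0 to a3), which is the field the reply asks to inspect for the other denial.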