Pedro Silva wrote:
I'm using Bugzilla from the Fedora repository in a F7 system.
These are the AVC: denied I got so far.
type=AVC msg=audit(1182965584.648:92): avc: denied { read } for
pid=3437 comm
="index.cgi" name="resolv.conf" dev=dm-0 ino=1211246
scontext=root:system_r:http
d_bugzilla_script_t:s0 tcontext=system_u:object_r:net_conf_t:s0
tclass=file
Any idea why bugzilla is reading resolv.conf? Is it trying to
translates a UID?
type=AVC msg=audit(1182965584.648:93): avc: denied { create } for
pid=3437 co
mm="index.cgi" scontext=root:system_r:httpd_bugzilla_script_t:s0
tcontext=root:s
ystem_r:httpd_bugzilla_script_t:s0 tclass=udp_socket
Why is it trying to create a udp socket?
type=AVC msg=audit(1183036604.813:648): avc: denied { read write }
for pid=16
313 comm="sendmail" name="[335348]" dev=sockfs ino=335348
scontext=root:system_r
:system_mail_t:s0 tcontext=root:system_r:httpd_bugzilla_script_t:s0
tclass=unix_
stream_socket
This looks potentially like a leaked file descriptor? Or is sendmail
reading and writing to a unix_stream_socket created by the bugzilla cgi?
Could you run this in permissive mode to gather all of the avc messages.
This last one is the only one that keeps happening after the initial
configuration.
Bugzilla seems to work just fine; no mail notification seems to be lost.
The mailer in this system is Postfix.
I think Bugzilla is trying to create a file in /var/lib/bugzilla/data
without success.
--
CERTISIGN <http://www.certisign.com.br/>**Pedro Silva**
Especialista de Desenvolvimento
(21) 4501 1026
Certisign Certificadora Digital
certisign.com.br <http://www.certisign.com.br/>
------------------------------------------------------------------------
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
