Re: selinux and httpd don't start on boot - message error EAI9

"Carlos Chavez" <cachch@xxxxxxxxx> · Wed, 4 Jun 2008 00:29:49 -0600

Hi Eric.
I think so.

cat /var/log/messages | grep denied
cat /var/log/messages | grep avc

any command show no output and

ausearch -m AVC

show this:
----
time->Tue Jun  3 23:39:03 2008

type=SYSCALL msg=audit(1212557943.344:16): arch=40000003 syscall=11 success=yes exit=0 a0=9872498 a1=9870c50 a2=9870af0 a3=0 items=0 ppid=2878 pid=2879 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=1 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)

type=AVC msg=audit(1212557943.344:16): avc:  denied  { read write } for  pid=2879 comm="NetworkManager" path="/var/tmp/kdecache-cchavez/kpc/kde-icon-cache.data" dev=dm-0 ino=8356254 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file

type=AVC msg=audit(1212557943.344:16): avc:  denied  { read write } for  pid=2879 comm="NetworkManager" path="/var/tmp/kdecache-cchavez/kpc/kde-icon-cache.index" dev=dm-0 ino=8356253 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file 

that messages was when a restart the NetworkManager as root on a shell.

Cheers.
Carlos Chávez.

2008/6/3 Eric Paris <eparis@xxxxxxxxxx>:

On Tue, 2008-06-03 at 05:46 -0600, Carlos Chavez wrote:

> Hi Paul.

>

> No, there is no avc denials error messages or other selinux related

> error messages in the logs.

> The error messages that i post is showed only in the start up process

> but no other messages is send to any log file.

>

> What i did in order to associated the error to selinux was stoped

> selinux, when i stop selinux and restart the PC the httpd start with

> no problems at boot time.

>

> I'm not sure about the NetworkManager in the logs it seems that load

> correctly at boot time and set the network parameter as soon as the

> process start, no delay for that.

>

> I have configure the ntpd to synchronize the date/time and this works

> fine, this need the network device setup, so i think the

> NetworkManager works too.

Are you sure you are looking in the right place for those selinux denial

messages?  look for 'denied' in /var/log/messages and look at the output

of ausearch -m AVC

-Eric

-- 
Carlos Chávez
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list