Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dan Thurman wrote:
> I get this consistenly. What can I do to fix this?
> =====================================
> Summary:
>
> SELinux is preventing the mono from using potentially mislabeled files
> (mod_mono_server_global).
>
> Detailed Description:
>
> SELinux has denied mono access to potentially mislabeled file(s)
> (mod_mono_server_global). This means that SELinux will not allow
mono to
> use
> these files. It is common for users to edit files in their home
> directory or tmp
> directories and then move (mv) them to system directories. The problem
> is that
> the files end up with the wrong file context which confined
applications
> are not
> allowed to access.
>
> Allowing Access:
>
> If you want mono to access this files, you need to relabel them using
> restorecon
> -v 'mod_mono_server_global'. You might want to relabel the entire
directory
> using restorecon -R -v '<Unknown>'.
>
> Additional Information:
>
> Source Context system_u:system_r:httpd_t:s0
> Target Context system_u:object_r:tmp_t:s0
> Target Objects mod_mono_server_global [ sock_file ]
> Source mono
> Source Path /usr/bin/mono
> Port <Unknown>
> Host bronze.cdkkt.com
> Source RPM Packages mono-core-1.9.1-2.fc9
> Target RPM Packages Policy RPM
> selinux-policy-3.3.1-74.fc9
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name home_tmp_bad_labels
> Host Name bronze.cdkkt.com
> Platform Linux bronze.cdkkt.com
> 2.6.25.9-76.fc9.i686 #1 SMP
> Fri Jun 27 16:14:35 EDT 2008 i686 i686
> Alert Count 4
> First Seen Thu 10 Jul 2008 10:55:05 AM PDT
> Last Seen Fri 11 Jul 2008 07:37:33 AM PDT
> Local ID 96f5392e-305d-47db-8dc8-93a057a25b0e
> Line Numbers
> Raw Audit Messages
> host=bronze.cdkkt.com type=AVC msg=audit(1215787053.571:36): avc:
> denied { create } for pid=8865 comm="mono"
> name="mod_mono_server_global" scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
>
> host=bronze.cdkkt.com type=SYSCALL msg=audit(1215787053.571:36):
> arch=40000003 syscall=102 per=400000 success=no exit=-13 a0=2
> a1=bfc83fe0 a2=823b524 a3=4 items=0 ppid=1 pid=8865 auid=4294967295
> uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48
> tty=(none) ses=4294967295 comm="mono" exe="/usr/bin/mono"
> subj=system_u:system_r:httpd_t:s0 key=(null)
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
You can add policy to allow it by using audit2allow.
Why does mod_mono_server_global create sock files in /tmp instead of
/var/run? System applications should use /var/run instead of /tmp for
creation of temporary files/sockets.
Are you asking me? I have NO CLUE why mono is
creating sockets in /tmp and I know this is improper.
Do you think that I need to look into some configuration
file somewhere that is mis-configured? I couldn't find
it so far.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
