Aaron Gray wrote:
I am trying to audit2allow on F10 to allow a cgi-bin perl script to run
on Apache. Runs fine in permissive mode, not in enforcing.
I bought the O'Reilly SE Linux book and learned the basics but it does
not really seem to help me on Fedora.
There was no /var/log/kernel so I tried /var/log/secure with the
following command sequence:
setenforce 0
# access the cgi from the web
setenforce 1
audit2allow -l -i /var/log/secure
The audit log file is /var/log/audit/audit.log. Note, you must have root
privileges to read it.
What is strange also is the system is not flagging things up as a
notification icon anymore in enforcing mode.
Thanks for the reply.
Do you mean the "Star" Icon which opens the SETroubleshoot browser is not
appearing on your desktop?
Yep.
If so are there any errors in /var/log/setroubleshoot/setroubleshootd.log?
Yep.
Are there actually AVC messages in the /var/log/audit/audit.log file?
Yep.
What version of setroubleshoot is installed?
F10's? Version 2.0.12
It runs when I select it from the command line but not automatically on
violations.
~~~~~~~~~~~~setroubleshootd.log~~~~~~~~~~~~
2009-03-20 16:58:15,020 [program.ERROR] setroubleshoot generated AVC,
exiting to avoid recursion, context=system_u:system_r:setroubleshootd_t:s0,
AVC scontext=system_u:system_r:setroubleshootd_t:s0
2009-03-20 16:58:15,020 [program.ERROR] audit event
node=localhost.localdomain type=AVC msg=audit(1237568294.768:209): avc:
denied { signull } for pid=2480 comm="setroubleshootd"
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tclass=process
node=localhost.localdomain type=SYSCALL msg=audit(1237568294.768:209):
arch=40000003 syscall=37 success=yes exit=0 a0=7d11 a1=0 a2=5cf70c a3=7d11
items=0 ppid=1 pid=2480 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="setroubleshootd"
exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 key=(null)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Does this give any clues?
Aaron
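
The AVC record quoted in the message above can be read field by field before any policy is generated from it. The following is an added example, not part of the original thread: it parses the record (with the mail client's line wrapping undone) and prints the allow rule in the syntax audit2allow uses, so the rule can be reviewed rather than loaded blindly. The function names `parse_avc` and `allow_rules` are hypothetical, and the sample is the record from the message, embedded as constructed input.

```python
import re
from collections import defaultdict

# Constructed sample: the AVC record from the message, still line-wrapped.
SAMPLE = """node=localhost.localdomain type=AVC msg=audit(1237568294.768:209): avc:
denied { signull } for pid=2480 comm="setroubleshootd"
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tclass=process"""


def parse_avc(text):
    """Return one dict per 'avc: denied' record found in text."""
    flat = " ".join(text.split())  # undo mail/log line wrapping
    records = []
    for chunk in flat.split("type=AVC ")[1:]:
        m = re.search(r"avc: denied \{ ([^}]*)\} for (.*)", chunk)
        if not m:
            continue
        # Stop at the next audit record (e.g. the paired SYSCALL record).
        body = m.group(2).split(" type=")[0]
        fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', body))
        if not {"scontext", "tcontext", "tclass"} <= fields.keys():
            continue  # truncated record, nothing reliable to report
        records.append({
            "perms": m.group(1).split(),
            "comm": fields.get("comm", "").strip('"'),
            # An SELinux context is user:role:type[:level]; rules use the type.
            "source": fields["scontext"].split(":")[2],
            "target": fields["tcontext"].split(":")[2],
            "tclass": fields["tclass"],
        })
    return records


def allow_rules(records):
    """Merge denials per (source, target, class) into allow-rule text."""
    merged = defaultdict(set)
    for r in records:
        merged[(r["source"], r["target"], r["tclass"])] |= set(r["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        tgt = "self" if tgt == src else tgt
        rules.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return rules


if __name__ == "__main__":
    print("\n".join(allow_rules(parse_avc(SAMPLE))))
```

For the quoted record this shows a denial of `signull` from `setroubleshootd_t` against a process in `unconfined_t`, which concerns setroubleshootd itself rather than the CGI script.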