Apache crashing in F-11

Rob Crittenden <rcritten@xxxxxxxxxx> · Fri, 14 Aug 2009 09:16:36 -0400

I'm having a problem where Apache is segfaulting when SELinux is enabled 
because of an AVC. I'm using freeIPA which defines a mod_python handler.

The AVCs are:

type=AVC msg=audit(1250255388.275:27650): avc:  denied  { execute } for 
 pid=7849 comm="httpd" 
path=2F746D702F6666696A7435517772202864656C6574656429 dev=sda1 
ino=442585 scontext=unconfined_u:system_r:httpd_t:s0 
tcontext=unconfined_u:object_r:httpd_tmp_t:s0 tclass=file

type=AVC msg=audit(1250255388.288:27652): avc:  denied  { execute } for 
 pid=7850 comm="httpd" 
path=2F6465762F73686D2F6666696D436E667967202864656C6574656429 dev=tmpfs 
ino=33960 scontext=unconfined_u:system_r:httpd_t:s0 
tcontext=unconfined_u:object_r:httpd_tmpfs_t:s0 tclass=file

audit2allow generated this:

module test 1.0;

require {
        type httpd_tmp_t;
        type httpd_t;
        type httpd_tmpfs_t;
        class file execute;
}

#============= httpd_t ==============
allow httpd_t httpd_tmp_t:file execute;
allow httpd_t httpd_tmpfs_t:file execute;

I'm a bit stumped. What should I look for, something doing an exec, 
something messing in /tmp, both?

thanks

rob
Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list