From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
On 10/17/2012 01:22 PM, m.roth@xxxxxxxxx wrote:
> Daniel J Walsh wrote:
>> On 10/17/2012 11:48 AM, m.roth@xxxxxxxxx wrote:
>>
>> Did you check the label on /var/run/pcscd.pid? What is the actual avc
>> you are seeing?
> -rw-r--r--. root root system_u:object_r:pcscd_var_run_t:s0
> /var/run/pcscd.pid
>
> And the sealert shows just the catchall.
>
> SELinux is preventing /usr/sbin/httpd from read access on the file
> /var/run/pcscd.pid.
>
> ***** Plugin catchall (100. confidence)
> Can you execute
> ausearch -m avc
> And get the AVC's that way.
I was out yesterday, which is why I didn't get back to you before.
Yup, and get a ton of
type=AVC msg=audit(1350608218.778:42990): avc: denied { read write } for
pid=27757 comm="iptables" path="socket:[20864]" dev=sockfs ino=20864
scontext=system_u:system_r:iptables_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
mark
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
