Re: Bug 539519: selinux doesn't like httpd trying to read /var/run/pcscd.pid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/19/2012 10:48 AM, m.roth@xxxxxxxxx wrote:
> From: Daniel J Walsh <dwalsh@xxxxxxxxxx> On 10/17/2012 01:22 PM,
> m.roth@xxxxxxxxx wrote:
>> Daniel J Walsh wrote:
>>> On 10/17/2012 11:48 AM, m.roth@xxxxxxxxx wrote:
>>> 
>>> Did you check the label on  /var/run/pcscd.pid?  What is the actual
>>> avc you are seeing?
>> -rw-r--r--. root root system_u:object_r:pcscd_var_run_t:s0 
>> /var/run/pcscd.pid
>> 
>> And the sealert shows just the catchall.
>> 
>> SELinux is preventing /usr/sbin/httpd from read access on the file 
>> /var/run/pcscd.pid.
>> 
>> *****  Plugin catchall (100. confidence)
> 
>> Can you execute
> 
>> ausearch -m avc
> 
>> And get the AVC's that way.
> 
> I was out yesterday, which is why I didn't get back to you before.
> 
> Yup, and get a ton of type=AVC msg=audit(1350608218.778:42990): avc:
> denied  { read write } for pid=27757 comm="iptables" path="socket:[20864]"
> dev=sockfs ino=20864 scontext=system_u:system_r:iptables_t:s0 
> tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
> 
> mark
> 
> 
> 
> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 

Well that is not the related AVC.  This looks like a leaked file descriptor
from whatever process is running as initrc_t and execs iptables.  Almost
surely something that could be dontaudited.

ps -eZ | grep initrc_t.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlCBh2IACgkQrlYvE4MpobN2RQCeMfr9L+6jUFzKrDmoDQarmreb
Yw8AmwR457tTs2RsxzB6zGwLCsxH2A6C
=N9iG
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux



[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux