I get the following avc from using mythtv's web interface.
----
time->Tue Jan 8 19:14:57 2013
type=SYSCALL msg=audit(1357701297.336:4077): arch=c000003e syscall=109
success=no exit=-13 a0=0 a1=0 a2=1340cb0 a3=0 items=0 ppid=5777 pid=8018
auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48
fsgid=48 tty=(none) ses=4294967295 comm="mythweb.pl" exe="/usr/bin/perl"
subj=system_u:system_r:httpd_sys_script_t:s0 key=(null)
type=AVC msg=audit(1357701297.336:4077): avc: denied { setpgid } for
pid=8018 comm="mythweb.pl"
scontext=system_u:system_r:httpd_sys_script_t:s0
tcontext=system_u:system_r:httpd_sys_script_t:s0 tclass=process
----
time->Tue Jan 8 19:17:56 2013
type=SYSCALL msg=audit(1357701476.763:4085): arch=c000003e syscall=109
success=no exit=-13 a0=0 a1=0 a2=22c5b10 a3=0 items=0 ppid=5774 pid=8113
auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48
fsgid=48 tty=(none) ses=4294967295 comm="mythweb.pl" exe="/usr/bin/perl"
subj=system_u:system_r:httpd_sys_script_t:s0 key=(null)
type=AVC msg=audit(1357701476.763:4085): avc: denied { setpgid } for
pid=8113 comm="mythweb.pl"
scontext=system_u:system_r:httpd_sys_script_t:s0
tcontext=system_u:system_r:httpd_sys_script_t:s0 tclass=process
I checked the script, ls -Z /usr/share/mythweb/mythweb.pl
-rwxr-xr-x. apache apache system_u:object_r:httpd_sys_script_exec_t:s0
/usr/share/mythweb/mythweb.pl
Should I need to define the following?
require {
type httpd_sys_script_t;
class process setpgid;
}
#============= httpd_sys_script_t ==============
allow httpd_sys_script_t self:process setpgid;
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
