Re: A quick avc question - identifying source file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Daniel J Walsh wrote:
> On 10/21/2013 04:28 PM, Daniel J Walsh wrote:
>> On 10/21/2013 04:24 PM, m.roth@xxxxxxxxx wrote:
>>> The sealert tells me that a file named index.cgi is running avc on
>>> sysfs_t. Is there any tool that would get me the *full* path of
>>> index.cgi, as there are several of them, for several websites
>>> (including bugzilla)?
>>
>>> CentOS 6.4.
>>
>> You can turn on full auditing which should generate the path.
<snip>
>> Or you can turn it on temporarily (Until next reboot)
>>
>> auditctl -w /etc/shadow
>
> Here is a blog I wrote on this a few years back.
>
> http://danwalsh.livejournal.com/34903.html?thread=220247

No joy, anywhere. I found some AVC's and looked at the inode...
/dev/char/203.11. And the sealert tells me only (for example) SELinux is
preventing /usr/bin/perl from read access on the file
/sys/devices/system/node/node0/meminfo.

Obviously, index.cgi is in perl....

     mark

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux