Daniel J Walsh wrote: > On 10/21/2013 04:28 PM, Daniel J Walsh wrote: >> On 10/21/2013 04:24 PM, m.roth@xxxxxxxxx wrote: >>> The sealert tells me that a file named index.cgi is running avc on >>> sysfs_t. Is there any tool that would get me the *full* path of >>> index.cgi, as there are several of them, for several websites >>> (including bugzilla)? >> >>> CentOS 6.4. >> >> You can turn on full auditing which should generate the path. <snip> >> Or you can turn it on temporarily (Until next reboot) >> >> auditctl -w /etc/shadow > > Here is a blog I wrote on this a few years back. > > http://danwalsh.livejournal.com/34903.html?thread=220247 No joy, anywhere. I found some AVC's and looked at the inode... /dev/char/203.11. And the sealert tells me only (for example) SELinux is preventing /usr/bin/perl from read access on the file /sys/devices/system/node/node0/meminfo. Obviously, index.cgi is in perl.... mark -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux