-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/21/2013 04:50 PM, m.roth@xxxxxxxxx wrote: > Daniel J Walsh wrote: >> On 10/21/2013 04:28 PM, Daniel J Walsh wrote: >>> On 10/21/2013 04:24 PM, m.roth@xxxxxxxxx wrote: >>>> The sealert tells me that a file named index.cgi is running avc on >>>> sysfs_t. Is there any tool that would get me the *full* path of >>>> index.cgi, as there are several of them, for several websites >>>> (including bugzilla)? >>> >>>> CentOS 6.4. >>> >>> You can turn on full auditing which should generate the path. > <snip> >>> Or you can turn it on temporarily (Until next reboot) >>> >>> auditctl -w /etc/shadow >> >> Here is a blog I wrote on this a few years back. >> >> http://danwalsh.livejournal.com/34903.html?thread=220247 > > No joy, anywhere. I found some AVC's and looked at the inode... > /dev/char/203.11. And the sealert tells me only (for example) SELinux is > preventing /usr/bin/perl from read access on the file > /sys/devices/system/node/node0/meminfo. > > Obviously, index.cgi is in perl.... > > mark > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > > Well it would only happen after the next AVC. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlJllDcACgkQrlYvE4MpobN/MACdHan7ArNbyAY61Ss9SWQLZZOQ YQMAn2w6CSdll0a5UowF5ic0zmaGRPMG =/+8c -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
