Daniel J Walsh wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 10/21/2013 04:50 PM, m.roth@xxxxxxxxx wrote: >> Daniel J Walsh wrote: >>> On 10/21/2013 04:28 PM, Daniel J Walsh wrote: >>>> On 10/21/2013 04:24 PM, m.roth@xxxxxxxxx wrote: >>>>> The sealert tells me that a file named index.cgi is running avc on >>>>> sysfs_t. Is there any tool that would get me the *full* path of >>>>> index.cgi, as there are several of them, for several websites >>>>> (including bugzilla)? >>>> >>>>> CentOS 6.4. >>>> >>>> You can turn on full auditing which should generate the path. >> <snip> >>>> Or you can turn it on temporarily (Until next reboot) >>>> >>>> auditctl -w /etc/shadow >>> >>> Here is a blog I wrote on this a few years back. >>> >>> http://danwalsh.livejournal.com/34903.html?thread=220247 >> >> No joy, anywhere. I found some AVC's and looked at the inode... >> /dev/char/203.11. And the sealert tells me only (for example) SELinux is >> preventing /usr/bin/perl from read access on the file >> /sys/devices/system/node/node0/meminfo. >> >> Obviously, index.cgi is in perl.... >> > Well it would only happen after the next AVC. Of course. I did the auditctl -w route, and a couple minutes later got new avc's, with the same result. mark -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
