-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/21/2013 04:55 PM, m.roth@xxxxxxxxx wrote: > Daniel J Walsh wrote: >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> On 10/21/2013 04:50 PM, m.roth@xxxxxxxxx wrote: >>> Daniel J Walsh wrote: >>>> On 10/21/2013 04:28 PM, Daniel J Walsh wrote: >>>>> On 10/21/2013 04:24 PM, m.roth@xxxxxxxxx wrote: >>>>>> The sealert tells me that a file named index.cgi is running avc >>>>>> on sysfs_t. Is there any tool that would get me the *full* path >>>>>> of index.cgi, as there are several of them, for several websites >>>>>> (including bugzilla)? >>>>> >>>>>> CentOS 6.4. >>>>> >>>>> You can turn on full auditing which should generate the path. >>> <snip> >>>>> Or you can turn it on temporarily (Until next reboot) >>>>> >>>>> auditctl -w /etc/shadow >>>> >>>> Here is a blog I wrote on this a few years back. >>>> >>>> http://danwalsh.livejournal.com/34903.html?thread=220247 >>> >>> No joy, anywhere. I found some AVC's and looked at the inode... >>> /dev/char/203.11. And the sealert tells me only (for example) SELinux >>> is preventing /usr/bin/perl from read access on the file >>> /sys/devices/system/node/node0/meminfo. >>> >>> Obviously, index.cgi is in perl.... >>> >> Well it would only happen after the next AVC. > > Of course. I did the auditctl -w route, and a couple minutes later got new > avc's, with the same result. > > mark > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > No path record? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlJllPQACgkQrlYvE4MpobNDBQCfVJvuMQY5/D1ofWkrAG3oaQ+9 x3sAoLT9KZwKMAWgmMFfzjr+UkLitJoD =i39V -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
