selinux and ASP for Linux

Daniel J Walsh dwalsh at redhat.com
Mon Mar 7 15:41:01 UTC 2005


Jason Dravet wrote:

>While asp works, I get the following in my /var/log/messages 
>
>Mar  2 17:14:05 cisit6 kernel: audit(1109805245.364:0): avc:  denied  { read
>write } for  pid=5516 exe=/opt/casp/tools/bin/linux2_i686/perl5/bin/perl
>name=1 dev=devpts ino=3 scontext=root:system_r:httpd_sys_script_t
>tcontext=root:object_r:devpts_t tclass=chr_file
>Mar  2 17:14:05 cisit6 kernel: audit(1109805245.365:0): avc:  denied  { read
>write } for  pid=5516 exe=/opt/casp/tools/bin/linux2_i686/perl5/bin/perl
>path=/dev/pts/1 dev=devpts ino=3 scontext=root:system_r:httpd_sys_script_t
>tcontext=root:object_r:devpts_t tclass=chr_file
>Mar  2 17:14:05 cisit6 kernel: audit(1109805245.367:0): avc:  denied  {
>execute } for  pid=5516 path=/usr/lib/locale/locale-archive dev=dm-0
>ino=263488 scontext=root:system_r:httpd_sys_script_t
>tcontext=root:object_r:locale_t tclass=file
>Mar  2 17:14:05 cisit6 kernel: audit(1109805245.368:0): avc:  denied  {
>execute } for  pid=5516 path=/usr/lib/locale/en_US.utf8/LC_IDENTIFICATION
>dev=dm-0 ino=261166 scontext=root:system_r:httpd_sys_script_t
>tcontext=system_u:object_r:locale_t tclass=file
>
>What can I do to fix this?  I have not had time to try a database connection
>yet.  I am sure that will generate a few more avc messages.
>
Are you getting this in rawhide or in FC3?

Looks to me like you should be able to dontaudit these.  Your httpd 
scripts are trying to access the tty devices, which they should not.
Why is it trying to execute locale stuff?

>Thanks,
>
>Jason Dravet
