mod_mono_server_global

Dan Thurman dant at cdkkt.com
Fri Jul 11 15:16:11 UTC 2008 

I get this consistenly. What can I do to fix this?
=====================================
Summary:

SELinux is preventing the mono from using potentially mislabeled files
(mod_mono_server_global).

Detailed Description:

SELinux has denied mono access to potentially mislabeled file(s)
(mod_mono_server_global). This means that SELinux will not allow mono to use
these files. It is common for users to edit files in their home 
directory or tmp
directories and then move (mv) them to system directories. The problem 
is that
the files end up with the wrong file context which confined applications 
are not
allowed to access.

Allowing Access:

If you want mono to access this files, you need to relabel them using 
restorecon
-v 'mod_mono_server_global'. You might want to relabel the entire directory
using restorecon -R -v '<Unknown>'.

Additional Information:

Source Context                system_u:system_r:httpd_t:s0
Target Context                system_u:object_r:tmp_t:s0
Target Objects                mod_mono_server_global [ sock_file ]
Source                        mono
Source Path                   /usr/bin/mono
Port                          <Unknown>
Host                          bronze.cdkkt.com
Source RPM Packages           mono-core-1.9.1-2.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-74.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   home_tmp_bad_labels
Host Name                     bronze.cdkkt.com
Platform                      Linux bronze.cdkkt.com 
2.6.25.9-76.fc9.i686 #1 SMP
                              Fri Jun 27 16:14:35 EDT 2008 i686 i686
Alert Count                   4
First Seen                    Thu 10 Jul 2008 10:55:05 AM PDT
Last Seen                     Fri 11 Jul 2008 07:37:33 AM PDT
Local ID                      96f5392e-305d-47db-8dc8-93a057a25b0e
Line Numbers                  

Raw Audit Messages            

host=bronze.cdkkt.com type=AVC msg=audit(1215787053.571:36): avc:  
denied  { create } for  pid=8865 comm="mono" 
name="mod_mono_server_global" scontext=system_u:system_r:httpd_t:s0 
tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file

host=bronze.cdkkt.com type=SYSCALL msg=audit(1215787053.571:36): 
arch=40000003 syscall=102 per=400000 success=no exit=-13 a0=2 
a1=bfc83fe0 a2=823b524 a3=4 items=0 ppid=1 pid=8865 auid=4294967295 
uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 
tty=(none) ses=4294967295 comm="mono" exe="/usr/bin/mono" 
subj=system_u:system_r:httpd_t:s0 key=(null)

More information about the fedora-selinux-list mailing list