Apache crashing in F-11
Rob Crittenden
rcritten at redhat.com
Fri Aug 14 13:16:36 UTC 2009
I'm having a problem where Apache is segfaulting when SELinux is enabled
because of an AVC. I'm using freeIPA which defines a mod_python handler.
The AVCs are:
type=AVC msg=audit(1250255388.275:27650): avc: denied { execute } for
pid=7849 comm="httpd"
path=2F746D702F6666696A7435517772202864656C6574656429 dev=sda1
ino=442585 scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:httpd_tmp_t:s0 tclass=file
type=AVC msg=audit(1250255388.288:27652): avc: denied { execute } for
pid=7850 comm="httpd"
path=2F6465762F73686D2F6666696D436E667967202864656C6574656429 dev=tmpfs
ino=33960 scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:httpd_tmpfs_t:s0 tclass=file
audit2allow generated this:
module test 1.0;
require {
type httpd_tmp_t;
type httpd_t;
type httpd_tmpfs_t;
class file execute;
}
#============= httpd_t ==============
allow httpd_t httpd_tmp_t:file execute;
allow httpd_t httpd_tmpfs_t:file execute;
I'm a bit stumped. What should I look for, something doing an exec,
something messing in /tmp, both?
thanks
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20090814/2bf1166a/attachment.bin>
More information about the fedora-selinux-list
mailing list