Can somebody help me?
Russell Coker
russell at coker.com.au
Sun Apr 10 14:41:33 UTC 2005
On Wednesday 06 April 2005 06:13, "Hongwei Li" <hongwei at wustl.edu> wrote:
> I just found that my fc3 system log shows many, many entries like below:
>
> Apr 5 14:50:42 morpheus kernel: audit(1112730642.889:0): avc: denied {
> ioctl } for pid=32509 exe=/usr/bin/perl path=/proc/loadavg dev=proc
> ino=-268435456 scontext=user_u:system_r:httpd_sys_script_t
> tcontext=system_u:object_r:proc_t tclass=file
To get an ioctl message there must already be read or write access granted.
In that case adding ioctl as well won't do any harm, so just add the
following to your policy source and load the new policy:
allow httpd_sys_script_t:proc_t:file ioctl;
We'll need to add that for FC4.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-selinux-list
mailing list