Selinux error help - continued

Dan Track dan.track at gmail.com
Thu Feb 8 14:48:13 UTC 2007


On 2/8/07, Stephen Smalley <sds at tycho.nsa.gov> wrote:
> On Thu, 2007-02-08 at 10:35 +0000, Dan Track wrote:
> > I enabled the auditctl and got the following in /var/log/messages
> >
> > Feb  8 10:26:51 jupiter kernel: audit(1170930411.956:2939): avc:
> > denied  { getattr } for  pid=6992 comm="beltane_cp"
> > name="TMPFILuB4KTI" dev=sda3 ino=147701
> > scontext=root:system_r:httpd_sys_script_t
> > tcontext=root:object_r:httpd_var_lib_t tclass=file
> > Feb  8 10:26:51 jupiter kernel: audit(1170930411.956:2939):
> > arch=40000003 syscall=196 success=no exit=-13 a0=bff6ab9d a1=bfed575c
> > a2=8a9ff4 a3=bfed575c items=1 pid=6992 auid=4294967295 uid=48 gid=48
> > euid=0 suid=0 fsuid=0 egid=48 sgid=48 fsgid=48 comm="beltane_cp"
> > exe="/usr/local/bin/beltane_cp"
> > Feb  8 10:26:51 jupiter kernel: audit(1170930411.956:2939):
> > path="/var/lib/yule/profiles/TMPFILuB4KTI"
> > Feb  8 10:26:51 jupiter kernel: audit(1170930411.956:2939):
> > cwd="/opt/www/beltane/php"
> > Feb  8 10:26:51 jupiter kernel: audit(1170930411.956:2939):
> > name="/var/lib/yule/profiles/TMPFILuB4KTI" flags=0
> > Feb  8 10:26:51 jupiter kernel:  inode=147701 dev=08:03 mode=0100600
> > ouid=48 ogid=48 rdev=00:00
> >
> > Hope this helps to figure out what is going on.
>
> That shows the full path information for the access
> to /var/lib/yule/profiles.  Just need to select an appropriate type for
> that directory that allows your script to write to it as is, like
> httpd_sys_script_rw_t, and apply it to those files.   In FC4 or earlier,
> that would be something like:
>         chcon -R -t httpd_sys_script_rw_t /var/lib/yule/profiles
>
> But I was hoping to also see the audit information for the other denial
> (the getsession one) - can you reproduce it with audit enabled?  And
> then when you get the output, take the first argument (a0) and check to
> see what process it corresponds to.
>
> --
> Stephen Smalley
> National Security Agency
>
>

Hi
Thanks for getting back.
I started the audit daemon and got the following when I
tried to create a profile from the web page:
type=AVC msg=audit(1170945767.596:8934): avc:  denied  { getattr } for
pid=18356 comm="beltane_cp" name="TMPFILvLYQ7Z" dev=sda3 ino=147703
scontext=root:system_r:httpd_sys_script_t
tcontext=root:object_r:httpd_var_lib_t tclass=file
type=SYSCALL msg=audit(1170945767.596:8934): arch=40000003 syscall=196
success=no exit=-13 a0=bffa1b9d a1=bff42cdc a2=8a9ff4 a3=bff42cdc
items=1 pid=18356 auid=4294967295 uid=48 gid=48 euid=0 suid=0 fsuid=0
egid=48 sgid=48 fsgid=48 comm="beltane_cp"
exe="/usr/local/bin/beltane_cp"
type=AVC_PATH msg=audit(1170945767.596:8934):
path="/var/lib/yule/profiles/TMPFILvLYQ7Z"
type=CWD msg=audit(1170945767.596:8934):  cwd="/opt/www/beltane/php"
type=PATH msg=audit(1170945767.596:8934):
name="/var/lib/yule/profiles/TMPFILvLYQ7Z" flags=0  inode=147703
dev=08:03 mode=0100600 ouid=48 ogid=48 rdev=00:00
type=AVC msg=audit(1170945774.915:8935): avc:  denied  { getsession }
for  pid=15500 comm="httpd" scontext=root:system_r:httpd_t
tcontext=root:system_r:unconfined_t tclass=process
type=AVC msg=audit(1170945805.142:8936): avc:  denied  { getsession }
for  pid=31207 comm="httpd" scontext=root:system_r:httpd_t
tcontext=root:system_r:unconfined_t tclass=process
type=AVC msg=audit(1170945835.202:8937): avc:  denied  { getsession }
for  pid=15498 comm="httpd" scontext=root:system_r:httpd_t
tcontext=root:system_r:unconfined_t tclass=process

I'm not sure what you meant by the "a0" argument. The exe in the above
output shows "/usr/local/bin/beltane_cp" and the uid shows 48 (apache).
Is this what you meant?

Thanks
Dan
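
Added example (not part of the original thread): the records in the message above share an event ID in msg=audit(timestamp:serial), so grouping on the serial ties each AVC denial to its SYSCALL and AVC_PATH records and shows which denials arrived without a SYSCALL record to read a0 from. The sample lines are records from the message rejoined onto single lines; the function names are hypothetical.

```python
import re
from collections import defaultdict
# Records from the message above, rejoined onto one line each (mail had wrapped them).
SAMPLE = """\
type=AVC msg=audit(1170945767.596:8934): avc:  denied  { getattr } for pid=18356 comm="beltane_cp" name="TMPFILvLYQ7Z" dev=sda3 ino=147703 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:httpd_var_lib_t tclass=file
type=SYSCALL msg=audit(1170945767.596:8934): arch=40000003 syscall=196 success=no exit=-13 a0=bffa1b9d a1=bff42cdc a2=8a9ff4 a3=bff42cdc items=1 pid=18356 auid=4294967295 uid=48 gid=48 euid=0 suid=0 fsuid=0 egid=48 sgid=48 fsgid=48 comm="beltane_cp" exe="/usr/local/bin/beltane_cp"
type=AVC_PATH msg=audit(1170945767.596:8934): path="/var/lib/yule/profiles/TMPFILvLYQ7Z"
type=AVC msg=audit(1170945774.915:8935): avc:  denied  { getsession } for  pid=15500 comm="httpd" scontext=root:system_r:httpd_t tcontext=root:system_r:unconfined_t tclass=process
"""

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'\{([^}]*)\}')

def group_events(text):
    """Return {serial: {record_type: fields}} for every audit record in text."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # not an auditd-format record
        rtype, _timestamp, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == "AVC":
            fields["perms"] = " ".join(PERMS.findall(body)).split()
        events[int(serial)][rtype] = fields
    return dict(events)

def summarize(events):
    """One row per denial; exe and a0 are None when no SYSCALL record was logged."""
    rows = []
    for serial, recs in sorted(events.items()):
        avc, sc = recs.get("AVC"), recs.get("SYSCALL")
        if avc is None:
            continue
        rows.append({
            "serial": serial, "perms": avc["perms"], "tclass": avc.get("tclass"),
            "source_type": avc["scontext"].split(":")[2],
            "target_type": avc["tcontext"].split(":")[2],
            "path": recs.get("AVC_PATH", {}).get("path"),
            "exe": sc.get("exe") if sc else None,
            # audit prints syscall arguments in hex; convert for comparison
            "a0": int(sc["a0"], 16) if sc else None,
        })
    return rows

if __name__ == "__main__":
    for row in summarize(group_events(SAMPLE)):
        print(row)
```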