Selinux error help - continued

Stephen Smalley sds at tycho.nsa.gov
Thu Feb 8 18:55:15 UTC 2007


On Thu, 2007-02-08 at 17:11 +0000, Dan Track wrote:
> Ok I just ran your strace and I got two files that contain the getsid
> call. Not sure how to read where the pid is so I'll paste a portion of
> the file in case you can read it better than me.

It is the argument to getsid, i.e. the number in parentheses.

> The other strange thing is that I'm not getting any more selinux
> notifications (SYSCALL) since issuing your chcon command. There are no
> httpd violations. Should I back out the chcon to get the errors back?

The selinux notifications are actually the AVC messages; the SYSCALL
records are generated by the audit system if you have system call
auditing enabled when a system call exits if any AVC messages were
emitted during the system call.  The SYSCALL records are helpful in
providing more information, but aren't fundamental to SELinux.

<snip>
> getsid(26060)                           = 26059

So it tried to call getsid() on process 26060, and got 26059 as the
session ID of that process.  So look in the traces for 26059 and 26060
to see what those processes were.

-- 
Stephen Smalley
National Security Agency
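
Added example, not part of the original message: a small Python parser that pairs each AVC record with the SYSCALL record sharing its audit event ID, and still reports the AVC when syscall auditing is off and no SYSCALL record exists. The sample records are constructed (contexts, serials and caller pids are assumptions); a0=65cc is chosen so that it decodes to the 26060 seen in the strace line.

```python
import re
from collections import defaultdict

# Constructed sample audit records (not from the thread); contexts, serials and
# the caller pid are made up. a0 is hex, as the audit system prints syscall args.
SAMPLE = """\
type=AVC msg=audit(1170957075.101:812): avc:  denied  { getsession } for  pid=4001 comm="httpd" scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:system_r:initrc_t:s0 tclass=process
type=SYSCALL msg=audit(1170957075.101:812): arch=40000003 syscall=147 success=no exit=-13 a0=65cc a1=0 a2=0 a3=0 items=0 ppid=1 pid=4001 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1170957080.440:815): avc:  denied  { read } for  pid=4002 comm="httpd" name="index.html" scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
"""

REC = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def correlate(text):
    """Group records by event ID (timestamp:serial); records from one syscall share it."""
    events = defaultdict(lambda: {"avc": [], "syscall": None})
    for line in text.splitlines():
        m = REC.match(line.strip())
        if not m:
            continue  # skip anything that is not an audit record
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in KV.findall(body)}
        if rtype == "AVC":
            perms = re.search(r'\{ ([^}]*) \}', body)
            fields["perms"] = perms.group(1).split() if perms else []
            events[f"{ts}:{serial}"]["avc"].append(fields)
        elif rtype == "SYSCALL":
            events[f"{ts}:{serial}"]["syscall"] = fields
    return dict(events)

def describe(events):
    """One row per AVC; syscall details are added only when a SYSCALL record exists."""
    rows = []
    for event_id, ev in sorted(events.items()):
        for avc in ev["avc"]:
            row = {"event": event_id, "perms": avc["perms"],
                   "tclass": avc.get("tclass"), "comm": avc.get("comm")}
            if ev["syscall"]:
                sc = ev["syscall"]
                row["syscall"] = int(sc["syscall"])  # 147 is getsid on i386
                row["a0"] = int(sc["a0"], 16)        # first argument, decoded from hex
                row["exe"] = sc.get("exe")
            rows.append(row)
    return rows

if __name__ == "__main__":
    for row in describe(correlate(SAMPLE)):
        print(row)
```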



