AVCs from restarting httpd but only when in permissive mode

Edward Kuns ekuns at kilroy.chi.il.us
Sun Apr 20 16:30:14 UTC 2008


I had to reboot earlier this week because X crashed in a way that took
out my keyboard, requiring a reboot to get the keyboard to work again.
And when I temporarily set the mode to permissive some time ago to do
some testing, then set it back to enforcing, somehow my "default" mode
got left in permissive.  That's now fixed and I'm back in enforcing mode.
Anyway, after the reboot I came up in permissive mode, which is how I
discovered this.

If I restart httpd while in permissive mode, I get two AVCs.  If I
restart httpd while in enforcing mode, I get none.  Is this normal or
expected?  Since I only get these AVCs while in permissive mode, there's
no error in httpd logs to look for.  (And when I look anyway, all I see
is normal "starting up" sorts of messages.)

type=AVC msg=audit(1208684921.858:22475): avc:  denied  { read write }
for  pid=2956 comm="httpd" name="context" dev=selinuxfs ino=5
scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=file
type=SYSCALL msg=audit(1208684921.858:22475): arch=40000003 syscall=5
success=yes exit=14 a0=bfc89488 a1=8002 a2=0 a3=8002 items=0 ppid=1
pid=2956 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) comm="httpd" exe="/usr/sbin/httpd"
subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1208684921.858:22476): avc:  denied
{ check_context } for  pid=2956 comm="httpd"
scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=security
type=SYSCALL msg=audit(1208684921.858:22476): arch=40000003 syscall=4
success=yes exit=33 a0=e a1=b931e310 a2=21 a3=b931e310 items=0 ppid=1
pid=2956 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) comm="httpd" exe="/usr/sbin/httpd"
subj=system_u:system_r:httpd_t:s0 key=(null)

	Eddie

-- 
  Eddie Kuns  |  Home: ekuns at kilroy.chi.il.us
--------------/  URL:  http://kilroy.chi.il.us/
  "Ah, savory cheese puffs, made inedible by time and fate." -- The Tick
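An added example, not part of the original post: one way to pair each AVC record above with the SYSCALL record that shares its audit serial, and use the syscall's success field as a heuristic for whether the denial was enforced or only logged. The function names are hypothetical, and the SYSCALL lines are abridged to the fields the code reads.

```python
import re

# The four records from the post, unwrapped to one per line; the SYSCALL
# records are abridged to the fields used here.
SAMPLE = """\
type=AVC msg=audit(1208684921.858:22475): avc:  denied  { read write } for  pid=2956 comm="httpd" name="context" dev=selinuxfs ino=5 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=file
type=SYSCALL msg=audit(1208684921.858:22475): arch=40000003 syscall=5 success=yes exit=14 pid=2956 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1208684921.858:22476): avc:  denied  { check_context } for  pid=2956 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
type=SYSCALL msg=audit(1208684921.858:22476): arch=40000003 syscall=4 success=yes exit=33 pid=2956 comm="httpd" exe="/usr/sbin/httpd"
"""

HEADER = re.compile(r"type=(\w+) msg=audit\([\d.]+:(\d+)\):")
AVC = re.compile(r"avc:\s+denied\s+\{ ([^}]*) \}.*?scontext=(\S+) tcontext=(\S+) tclass=(\S+)")
SUCCESS = re.compile(r"\bsuccess=(yes|no)\b")


def correlate(log_text):
    """Group records by audit serial; return one dict per event that has an AVC."""
    events = {}
    for line in log_text.splitlines():
        head = HEADER.match(line)
        if not head:
            continue
        rtype, serial = head.group(1), int(head.group(2))
        event = events.setdefault(serial, {"serial": serial, "success": None})
        if rtype == "AVC":
            avc = AVC.search(line)
            if avc:
                event["perms"] = avc.group(1).split()
                event["scontext"], event["tcontext"], event["tclass"] = avc.group(2, 3, 4)
        elif rtype == "SYSCALL":
            ok = SUCCESS.search(line)
            event["success"] = (ok.group(1) == "yes") if ok else None
    return [e for e in events.values() if "perms" in e]


def enforced(event):
    """Heuristic: True if the syscall failed, False if it succeeded despite
    the denial (logged only), None if no SYSCALL record was seen."""
    return None if event["success"] is None else not event["success"]


if __name__ == "__main__":
    labels = {True: "blocked", False: "logged only", None: "unknown"}
    for e in correlate(SAMPLE):
        print(e["serial"], e["perms"], e["tclass"], labels[enforced(e)])
```

Both events in the post come out as "logged only": the AVC says denied, but the paired syscall reports success=yes.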



