selinux and httpd don't start on boot - message error EAI9

Carlos Chavez cachch at gmail.com
Wed Jun 4 06:29:49 UTC 2008


Hi Eric.
I think so.

cat /var/log/messages | grep denied
cat /var/log/messages | grep avc

Neither command shows any output, and

ausearch -m AVC

shows this:

----
time->Tue Jun  3 23:39:03 2008
type=SYSCALL msg=audit(1212557943.344:16): arch=40000003 syscall=11
success=yes exit=0 a0=9872498 a1=9870c50 a2=9870af0 a3=0 items=0
ppid=2878 pid=2879 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts2 ses=1 comm="NetworkManager"
exe="/usr/sbin/NetworkManager"
subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)
type=AVC msg=audit(1212557943.344:16): avc:  denied  { read write }
for  pid=2879 comm="NetworkManager"
path="/var/tmp/kdecache-cchavez/kpc/kde-icon-cache.data" dev=dm-0
ino=8356254 scontext=unconfined_u:system_r:NetworkManager_t:s0
tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1212557943.344:16): avc:  denied  { read write }
for  pid=2879 comm="NetworkManager"
path="/var/tmp/kdecache-cchavez/kpc/kde-icon-cache.index" dev=dm-0
ino=8356253 scontext=unconfined_u:system_r:NetworkManager_t:s0
tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file

Those messages were from when I restarted the NetworkManager as root in a shell.

Cheers.
Carlos Chávez.


2008/6/3 Eric Paris <eparis at redhat.com>:

> On Tue, 2008-06-03 at 05:46 -0600, Carlos Chavez wrote:
> > Hi Paul.
> >
> > No, there are no avc denial error messages or other selinux related
> > error messages in the logs.
> > The error messages that I posted are shown only in the startup process,
> > but no other messages are sent to any log file.
> >
> > What I did in order to associate the error with selinux was stop
> > selinux; when I stop selinux and restart the PC, httpd starts with
> > no problems at boot time.
> >
> > I'm not sure about the NetworkManager; in the logs it seems that it loads
> > correctly at boot time and sets the network parameters as soon as the
> > process starts, no delay for that.
> >
> > I have configured ntpd to synchronize the date/time and this works
> > fine; this needs the network device set up, so I think the
> > NetworkManager works too.
>
> Are you sure you are looking in the right place for those selinux denial
> messages?  look for 'denied' in /var/log/messages and look at the output
> of ausearch -m AVC
>
> -Eric
>
>


-- 
Carlos Chávez
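
Added example, not part of the original message: a small Python parser that rejoins the mail-wrapped ausearch output quoted above and groups the AVC denials by source type, target type and object class. The function names parse_avc and summarize are hypothetical, chosen for this illustration.

```python
import re
from collections import defaultdict

# Copied from the ausearch output in the message above, mail line wrapping kept.
SAMPLE = """\
----
time->Tue Jun  3 23:39:03 2008
type=SYSCALL msg=audit(1212557943.344:16): arch=40000003 syscall=11
success=yes exit=0 a0=9872498 a1=9870c50 a2=9870af0 a3=0 items=0
ppid=2878 pid=2879 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts2 ses=1 comm="NetworkManager"
exe="/usr/sbin/NetworkManager"
subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)
type=AVC msg=audit(1212557943.344:16): avc:  denied  { read write }
for  pid=2879 comm="NetworkManager"
path="/var/tmp/kdecache-cchavez/kpc/kde-icon-cache.data" dev=dm-0
ino=8356254 scontext=unconfined_u:system_r:NetworkManager_t:s0
tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1212557943.344:16): avc:  denied  { read write }
for  pid=2879 comm="NetworkManager"
path="/var/tmp/kdecache-cchavez/kpc/kde-icon-cache.index" dev=dm-0
ino=8356253 scontext=unconfined_u:system_r:NetworkManager_t:s0
tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
"""
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, quoted or bare

def parse_avc(text):
    """Return one dict per denied AVC record, rejoining wrapped lines."""
    flat = " ".join(text.split())
    records = []
    for rec in re.split(r"(?=\btype=\w+ msg=audit\()", flat):
        if rec.startswith("type=AVC ") and " denied " in rec:
            fields = {k: v.strip('"') for k, v in FIELD.findall(rec)}
            perms = re.search(r"\{([^}]*)\}", rec)
            fields["perms"] = perms.group(1).split() if perms else []
            records.append(fields)
    return records

def summarize(records):
    """Group denials by (source type, target type, object class)."""
    out = defaultdict(lambda: {"perms": set(), "paths": set()})
    for r in records:
        key = (r["scontext"].split(":")[2], r["tcontext"].split(":")[2], r["tclass"])
        out[key]["perms"].update(r["perms"])
        out[key]["paths"].add(r.get("path", ""))
    return dict(out)

if __name__ == "__main__":
    print(summarize(parse_avc(SAMPLE)))
```
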