selinux and httpd don't start on boot - message error EAI9

Carlos Chavez cachch at gmail.com
Tue Jun 10 04:03:10 UTC 2008


Unfortunately the list has a limit, so I cannot post the full list of
messages; the following is just part of the messages related to httpd:


type=AVC msg=audit(1213067949.988:317): avc:  denied  { search } for
pid=2004 comm="httpd" name="selinux" dev=dm-0 ino=5235563
scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir
type=SYSCALL msg=audit(1213067949.988:317): arch=40000003 syscall=5
success=no exit=-13 a0=196e92 a1=8000 a2=1b6 a3=0 items=0 ppid=2003
pid=2004 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="httpd"
exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1213067949.991:318): avc:  denied  { search } for
pid=2004 comm="httpd" name="/" dev=selinuxfs ino=1
scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=dir
type=SYSCALL msg=audit(1213067949.991:318): arch=40000003 syscall=195
success=no exit=-13 a0=bfc9b81c a1=bfc9b7bc a2=555ff4 a3=bfc9b81c
items=0 ppid=2003 pid=2004 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="httpd"
exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1213067949.991:319): avc:  denied  { search } for
pid=2004 comm="httpd" name="/" dev=selinuxfs ino=1
scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=dir
type=SYSCALL msg=audit(1213067949.991:319): arch=40000003 syscall=5
success=no exit=-13 a0=bfc9b7f4 a1=8000 a2=0 a3=8000 items=0 ppid=2003
pid=2004 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="httpd"
exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=MAC_CONFIG_CHANGE msg=audit(1213069227.345:1828):
bool=httpd_can_network_connect val=1 old_val=0 auid=500 ses=1
type=MAC_CONFIG_CHANGE msg=audit(1213069266.437:1833):
bool=httpd_can_network_connect_db val=1 old_val=0 auid=500 ses=1

Cheers.
Carlos Chávez.

2008/6/4 Eric Paris <eparis at redhat.com>:

> On Wed, 2008-06-04 at 00:29 -0600, Carlos Chavez wrote:
> > Hi Eric.
> > I think so.
> >
> > cat /var/log/messages | grep denied
> > cat /var/log/messages | grep avc
> >
> > Neither command shows any output, and
> >
> > ausearch -m AVC
> >
> > shows this:
> > ----
> > time->Tue Jun  3 23:39:03 2008
> >
> > type=SYSCALL msg=audit(1212557943.344:16): arch=40000003 syscall=11
> > success=yes exit=0 a0=9872498 a1=9870c50 a2=9870af0 a3=0 items=0 ppid=2878
> > pid=2879 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
> > tty=pts2 ses=1 comm="NetworkManager" exe="/usr/sbin/NetworkManager"
> > subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)
> >
> > type=AVC msg=audit(1212557943.344:16): avc:  denied  { read write } for
> > pid=2879 comm="NetworkManager"
> > path="/var/tmp/kdecache-cchavez/kpc/kde-icon-cache.data" dev=dm-0
> > ino=8356254 scontext=unconfined_u:system_r:NetworkManager_t:s0
> > tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
> >
> > type=AVC msg=audit(1212557943.344:16): avc:  denied  { read write } for
> > pid=2879 comm="NetworkManager"
> > path="/var/tmp/kdecache-cchavez/kpc/kde-icon-cache.index" dev=dm-0
> > ino=8356253 scontext=unconfined_u:system_r:NetworkManager_t:s0
> > tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
> >
> > Those messages were from when I restarted NetworkManager as root in a
> > shell.
> >
> > Cheers.
> > Carlos Chávez.
>
> Huh...  If your system is new enough to support it, can you try
>
> semodule -DB
> and then reboot
> after it comes up and fails give us the output of ausearch -m AVC
> again...
>
> -Eric
>
>


-- 
Carlos Chávez
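
Added example (not part of the original message, and not code from anyone on the thread): a small Python parser that re-joins the mail-wrapped audit records posted above and counts the distinct AVC denials by source type, target type, class and permission. The function names are hypothetical; SAMPLE is an excerpt of the records in this message.

```python
import re
from collections import Counter

# Excerpt of the records posted above, with the mail client's line wrapping kept.
SAMPLE = """\
type=AVC msg=audit(1213067949.988:317): avc:  denied  { search } for
pid=2004 comm="httpd" name="selinux" dev=dm-0 ino=5235563
scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir
type=SYSCALL msg=audit(1213067949.988:317): arch=40000003 syscall=5
type=AVC msg=audit(1213067949.991:318): avc:  denied  { search } for
pid=2004 comm="httpd" name="/" dev=selinuxfs ino=1
scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=dir
type=AVC msg=audit(1213067949.991:319): avc:  denied  { search } for
pid=2004 comm="httpd" name="/" dev=selinuxfs ino=1
scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{ (?P<perms>[^}]*)\}")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def join_records(text):
    """Undo mail wrapping and '>' quoting: a record starts at 'type='."""
    records = []
    for line in text.splitlines():
        line = line.strip().lstrip("> ")
        if line.startswith("type="):
            records.append(line)
        elif line and records and not line.startswith(("----", "time->")):
            records[-1] += " " + line
    return records

def summarize(text):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for rec in join_records(text):
        m = AVC_RE.search(rec)
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(rec)}
        if not (rec.startswith("type=AVC") and m and {"scontext", "tcontext", "tclass"} <= f.keys()):
            continue
        # The type is the third field of user:role:type[:level].
        src, tgt = f["scontext"].split(":")[2], f["tcontext"].split(":")[2]
        for perm in m.group("perms").split():
            counts[(src, tgt, f["tclass"], perm)] += 1
    return counts

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the excerpt this reduces the output to two distinct denials, both httpd_t being refused search on a directory (selinux_config_t once, security_t twice).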


More information about the fedora-selinux-list mailing list