Old 04-20-2008, 04:30 PM
Edward Kuns
 
AVCs from restarting httpd but only when in permissive mode

I had to reboot earlier this week because X crashed in a way that took
out my keyboard, requiring a reboot to get the keyboard to work again.
And when I temporarily set to permissive some time ago to do some
testing, then set back to enforcing, somehow my "default" mode got left
in permissive. That's now fixed and I'm back in enforcing mode.
Anyway, after the reboot I came up in permissive mode, which is how I
discovered this.

If I restart httpd while in permissive mode, I get two AVCs. If I
restart httpd while in enforcing mode, I get none. Is this normal or
expected? Since I only get these AVCs while in permissive mode, there's
no error in httpd logs to look for. (And when I look anyway, all I see
is normal "starting up" sorts of messages.)

type=AVC msg=audit(1208684921.858:22475): avc: denied { read write }
for pid=2956 comm="httpd" name="context" dev=selinuxfs ino=5
scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=file
type=SYSCALL msg=audit(1208684921.858:22475): arch=40000003 syscall=5
success=yes exit=14 a0=bfc89488 a1=8002 a2=0 a3=8002 items=0 ppid=1
pid=2956 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) comm="httpd" exe="/usr/sbin/httpd"
subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1208684921.858:22476): avc: denied
{ check_context } for pid=2956 comm="httpd"
scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=security
type=SYSCALL msg=audit(1208684921.858:22476): arch=40000003 syscall=4
success=yes exit=33 a0=e a1=b931e310 a2=21 a3=b931e310 items=0 ppid=1
pid=2956 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) comm="httpd" exe="/usr/sbin/httpd"
subj=system_u:system_r:httpd_t:s0 key=(null)

Eddie

--
Eddie Kuns | Home: ekuns@kilroy.chi.il.us
--------------/ URL: http://kilroy.chi.il.us/
"Ah, savory cheese puffs, made inedible by time and fate." -- The Tick

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 04-21-2008, 07:35 PM
Daniel J Walsh
 
AVCs from restarting httpd but only when in permissive mode

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Edward Kuns wrote:
> I had to reboot earlier this week because X crashed in a way that took
> out my keyboard, requiring a reboot to get the keyboard to work again.
> And when I temporarily set to permissive some time ago to do some
> testing, then set back to enforcing, somehow my "default" mode got left
> in permissive. That's now fixed and I'm back in enforcing mode.
> Anyway, after the reboot I came up in permissive mode, which is how I
> discovered this.
>
> If I restart httpd while in permissive mode, I get two AVCs. If I
> restart httpd while in enforcing mode, I get none. Is this normal or
> expected? Since I only get these AVCs while in permissive mode, there's
> no error in httpd logs to look for. (And when I look anyway, all I see
> is normal "starting up" sorts of messages.)
>
> type=AVC msg=audit(1208684921.858:22475): avc: denied { read write }
> for pid=2956 comm="httpd" name="context" dev=selinuxfs ino=5
> scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:security_t:s0 tclass=file
> type=SYSCALL msg=audit(1208684921.858:22475): arch=40000003 syscall=5
> success=yes exit=14 a0=bfc89488 a1=8002 a2=0 a3=8002 items=0 ppid=1
> pid=2956 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> fsgid=0 tty=(none) comm="httpd" exe="/usr/sbin/httpd"
> subj=system_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1208684921.858:22476): avc: denied
> { check_context } for pid=2956 comm="httpd"
> scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:security_t:s0 tclass=security
> type=SYSCALL msg=audit(1208684921.858:22476): arch=40000003 syscall=4
> success=yes exit=33 a0=e a1=b931e310 a2=21 a3=b931e310 items=0 ppid=1
> pid=2956 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> fsgid=0 tty=(none) comm="httpd" exe="/usr/sbin/httpd"
> subj=system_u:system_r:httpd_t:s0 key=(null)
>
> Eddie
>
Yes, a previous dontaudit would have stopped the library that http is
loading from executing the "check_context" code, so enforcing would get
no AVCs while permissive reports them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkgM7H8ACgkQrlYvE4MpobNhHACgmMpctdBxmY0pKCoqoH8524sO
lBUAoNroH3KNAtyttBJrNb6UvffN8Bqc
=lxs1
-----END PGP SIGNATURE-----

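As an added example (not code from the thread, from Fedora, or from the SELinux userspace tools): a small Python parser that rejoins the line-wrapped audit records Eddie posted, groups the AVC and SYSCALL records by their audit serial (22475, 22476), and decides for each denial whether it was actually enforced. The rule it applies is the one behind Dan Walsh's answer: in permissive mode the kernel still logs "avc: denied" but lets the syscall proceed, so the paired SYSCALL record reports success=yes (as both records above do), whereas under enforcing the syscall fails and the record says success=no. Newer kernels also tag the AVC record itself with permissive=0/1, which the parser prefers when present. The sample log is the thread's two events embedded as a constructed string, the function names are this example's own, and the success=yes fallback is a heuristic (a syscall can fail for reasons unrelated to SELinux); it is a teaching parser, not a replacement for audit2why or sealert.

```python
import re
from collections import defaultdict

# Constructed sample input: the two audit events from the thread, kept with the
# line wrapping the list archive introduced (each record spans several lines).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1208684921.858:22475): avc: denied { read write }
for pid=2956 comm="httpd" name="context" dev=selinuxfs ino=5
scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=file
type=SYSCALL msg=audit(1208684921.858:22475): arch=40000003 syscall=5
success=yes exit=14 a0=bfc89488 a1=8002 a2=0 a3=8002 items=0 ppid=1
pid=2956 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) comm="httpd" exe="/usr/sbin/httpd"
subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1208684921.858:22476): avc: denied
{ check_context } for pid=2956 comm="httpd"
scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=security
type=SYSCALL msg=audit(1208684921.858:22476): arch=40000003 syscall=4
success=yes exit=33 a0=e a1=b931e310 a2=21 a3=b931e310 items=0 ppid=1
pid=2956 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) comm="httpd" exe="/usr/sbin/httpd"
subj=system_u:system_r:httpd_t:s0 key=(null)
"""

RECORD_START = re.compile(r"^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): ?(.*)$")
KEY_VALUE = re.compile(r'(\w+)=("[^"]*"|\S+)')
AVC_VERDICT = re.compile(r"avc: +(denied|granted) +\{ ([^}]*)\}")

def unwrap_records(text):
    """Rejoin records wrapped across lines: a record starts at 'type=... msg=audit(',
    every other non-empty line continues the previous record."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("type=") and "msg=audit(" in line:
            records.append(line)
        elif records:
            records[-1] += " " + line
    return records

def parse_record(record):
    """Split one record into type, timestamp, serial and its key=value fields."""
    m = RECORD_START.match(record)
    if not m:
        return None
    rtype, timestamp, serial, body = m.groups()
    fields = {k: v.strip('"') for k, v in KEY_VALUE.findall(body)}
    parsed = {"type": rtype, "timestamp": timestamp, "serial": int(serial), "fields": fields}
    if rtype == "AVC":
        v = AVC_VERDICT.search(body)
        if v:
            parsed["verdict"] = v.group(1)
            parsed["permissions"] = v.group(2).split()
    return parsed

def was_enforced(avc, syscall):
    """True if the denial blocked the access, False if it was only logged (permissive),
    None if the records do not say. Prefers the permissive= field newer kernels add;
    otherwise falls back to the paired SYSCALL record's success= value (a heuristic)."""
    if avc.get("verdict") != "denied":
        return None
    permissive = avc["fields"].get("permissive")
    if permissive in ("0", "1"):
        return permissive == "0"
    if syscall is not None and "success" in syscall["fields"]:
        return syscall["fields"]["success"] == "no"
    return None

def correlate(text):
    """Group AVC and SYSCALL records by audit serial and classify each denial."""
    groups = defaultdict(lambda: {"avc": [], "syscall": None})
    for record in unwrap_records(text):
        parsed = parse_record(record)
        if parsed is None:
            continue
        if parsed["type"] == "AVC":
            groups[parsed["serial"]]["avc"].append(parsed)
        elif parsed["type"] == "SYSCALL":
            groups[parsed["serial"]]["syscall"] = parsed
    events = []
    for serial in sorted(groups):
        syscall = groups[serial]["syscall"]
        for avc in groups[serial]["avc"]:
            f = avc["fields"]
            events.append({"serial": serial, "comm": f.get("comm"),
                           "scontext": f.get("scontext"), "tcontext": f.get("tcontext"),
                           "tclass": f.get("tclass"), "permissions": avc.get("permissions", []),
                           "syscall": syscall["fields"].get("syscall") if syscall else None,
                           "enforced": was_enforced(avc, syscall)})
    return events

def report(events):
    """One line per denial; 'logged only' marks what enforcing mode would have hidden."""
    label = {True: "enforced", False: "logged only (permissive)", None: "unknown"}
    return [f"{e['serial']}: {e['comm']} {e['scontext']} -> {e['tcontext']} "
            f"{e['tclass']} {{ {' '.join(e['permissions'])} }} [{label[e['enforced']]}]"
            for e in events]

if __name__ == "__main__":
    for line in report(correlate(SAMPLE_AUDIT_LOG)):
        print(line)
```

Run against the sample, both events come out as "logged only (permissive)": the open of the selinuxfs context file and the check_context call both succeeded despite the denial, which is exactly why they never appear in httpd's own logs and why enforcing mode, where the first open fails, shows nothing at all. A denial that only ever shows up with success=yes is therefore a candidate for an existing dontaudit rule rather than a broken service; the same parser run on records with success=no separates the denials that actually stop a service.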
 
