 
08-19-2012, 06:09 PM
Georgios Petasis

Why httpd wants to access /boot?

Hi all,

I am getting this strange selinux denial, each time the httpd server is
restarted:


type=AVC msg=audit(1345399262.193:190): avc: denied { getattr } for
pid=3900 comm="httpd" path="/boot" dev="sda2" ino=2
scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:boot_t:s0 tclass=dir


Does anyone know why it is trying to read /boot?

grep "/boot" and "boot" in all files in /etc/httpd didn't show any matches.

George
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
08-20-2012, 09:53 AM
Daniel J Walsh

Why httpd wants to access /boot?


On 08/19/2012 02:09 PM, Georgios Petasis wrote:
> Hi all,
>
> I am getting this strange selinux denial, each time the httpd server is
> restarted:
>
> type=AVC msg=audit(1345399262.193:190): avc: denied { getattr } for
> pid=3900 comm="httpd" path="/boot" dev="sda2" ino=2
> scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:boot_t:s0
> tclass=dir
>
> Does anyone know why it is trying to read /boot?
>
> grep "/boot" and "boot" in all files in /etc/httpd didn't show any
> matches.
>
> George

More than likely some kind of listing of /, or is /boot a mount point? It could
be looking at all mount points. Usually we dontaudit these, since it is
probably just noise.
 
08-21-2012, 08:06 AM
Georgios Petasis

Why httpd wants to access /boot?

On 20/8/2012 12:53, Daniel J Walsh wrote:
> On 08/19/2012 02:09 PM, Georgios Petasis wrote:
>> Hi all,
>>
>> I am getting this strange selinux denial, each time the httpd server is
>> restarted:
>>
>> type=AVC msg=audit(1345399262.193:190): avc: denied { getattr } for
>> pid=3900 comm="httpd" path="/boot" dev="sda2" ino=2
>> scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:boot_t:s0
>> tclass=dir
>>
>> Does anyone know why it is trying to read /boot?
>>
>> grep "/boot" and "boot" in all files in /etc/httpd didn't show any
>> matches.
>>
>> George
>
> More than likely some kind of listing of /, or is /boot a mount point? It could
> be looking at all mount points. Usually we dontaudit these, since it is
> probably just noise.


Yes, /boot is a mount point. Can I somehow disable the notification I am
getting about this on my desktop?


George
 
08-23-2012, 10:55 AM
Daniel J Walsh

Why httpd wants to access /boot?


On 08/21/2012 04:06 AM, Georgios Petasis wrote:
> On 20/8/2012 12:53, Daniel J Walsh wrote:
>> On 08/19/2012 02:09 PM, Georgios Petasis wrote:
>>> Hi all,
>>>
>>> I am getting this strange selinux denial, each time the httpd server
>>> is restarted:
>>>
>>> type=AVC msg=audit(1345399262.193:190): avc: denied { getattr } for
>>> pid=3900 comm="httpd" path="/boot" dev="sda2" ino=2
>>> scontext=system_u:system_r:httpd_t:s0
>>> tcontext=system_u:object_r:boot_t:s0 tclass=dir
>>>
>>> Does anyone know why it is trying to read /boot?
>>>
>>> grep "/boot" and "boot" in all files in /etc/httpd didn't show any
>>> matches.
>>>
>>> George
>> More than likely some kind of listing of /, or is /boot a mount point? It
>> could be looking at all mount points. Usually we dontaudit these, since
>> it is probably just noise.
>
> Yes, /boot is a mount point. Can I somehow disable the notification I am
> getting about this on my desktop?
>
> George


You can add a dontaudit rule:

# grep /boot /var/log/audit/audit.log | audit2allow -D -M myhttpd
# semodule -i myhttpd.pp

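The dontaudit rule that the reply above asks audit2allow to generate, sketched as an added example (not part of the original thread and not audit2allow's own code) so the rule can be read before anything is loaded with semodule. The helper name avc_to_dontaudit and the one-line sample record are assumptions constructed here from the denial quoted in the thread.

```shell
#!/bin/sh
# Added example: build dontaudit policy source from AVC denials for review.
# SAMPLE_AVC is constructed: the denial quoted in this thread, joined onto one
# line the way records are stored in /var/log/audit/audit.log.
SAMPLE_AVC='type=AVC msg=audit(1345399262.193:190): avc: denied { getattr } for pid=3900 comm="httpd" path="/boot" dev="sda2" ino=2 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:boot_t:s0 tclass=dir'

# avc_to_dontaudit MODULE (hypothetical helper): audit records on stdin,
# module source on stdout, exit status 1 when no AVC denial was found.
avc_to_dontaudit() {
    awk -v mod="$1" '
    /avc:/ && /denied/ && match($0, /[{][^}]*[}]/) {
        # Denied permissions are the words between the braces.
        n = split(substr($0, RSTART + 1, RLENGTH - 2), perm, " ")
        src = tgt = cls = ""
        for (i = 1; i <= NF; i++) {
            # A context is user:role:type:level; the rule needs the type.
            if ($i ~ /^scontext=/) { split($i, c, ":"); src = c[3] }
            if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
            if ($i ~ /^tclass=/) cls = substr($i, 8)
        }
        if (src == "" || tgt == "" || cls == "") next
        if (!(src in T)) { T[src] = 1; types[++nt] = src }
        if (!(tgt in T)) { T[tgt] = 1; types[++nt] = tgt }
        for (j = 1; j <= n; j++) {
            r = "dontaudit " src " " tgt ":" cls " " perm[j] ";"
            if (r in R) continue          # repeated denial, same rule
            R[r] = 1; rules[++nr] = r
            if ((cls, perm[j]) in CP) continue
            CP[cls, perm[j]] = 1
            if (!(cls in P)) classes[++nc] = cls
            P[cls] = P[cls] " " perm[j]
        }
    }
    END {
        if (nr == 0) exit 1
        printf "module %s 1.0;\n\nrequire {\n", mod
        for (i = 1; i <= nt; i++) printf "\ttype %s;\n", types[i]
        for (i = 1; i <= nc; i++) printf "\tclass %s {%s };\n", classes[i], P[classes[i]]
        print "}\n"
        for (i = 1; i <= nr; i++) print rules[i]
    }'
}

# Print the module source for the sample record.
printf '%s\n' "$SAMPLE_AVC" | avc_to_dontaudit myhttpd
```

Compare the printed rule with what `audit2allow -D -m myhttpd` prints for the same input before building the package. Because dontaudit rules hide denials, `semodule -DB` rebuilds the policy with them disabled when the hidden denials are needed for debugging, and `semodule -B` restores them.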
 
