-------- Original Message -------- From: Daniel J Walsh dwalsh@redhat.com
On 10/19/2012 10:48 AM, m.roth@5-cent.us wrote: From: Daniel J Walsh dwalsh@redhat.com On 10/17/2012 01:22 PM, m.roth@5-cent.us wrote:
Daniel J Walsh wrote:
On 10/17/2012 11:48 AM, m.roth@5-cent.us wrote:
Did you check the label on /var/run/pcscd.pid? What is the actual avc you are seeing?
-rw-r--r--. root root system_u:object_r:pcscd_var_run_t:s0 /var/run/pcscd.pid
And the sealert shows just the catchall.
SELinux is preventing /usr/sbin/httpd from read access on the file /var/run/pcscd.pid.
***** Plugin catchall (100. confidence) Can you execute ausearch -m avc
I think this is a sample of what you were asking for: time->Fri Oct 19 00:45:01 2012 type=SYSCALL msg=audit(1350621901.305:71913): arch=c000003e syscall=2 success=ye s exit=18 a0=7f0ebf4a6e22 a1=0 a2=1b6 a3=0 items=0 ppid=6184 pid=6247 auid=42949 67295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_ t:s0 key=(null) type=AVC msg=audit(1350621901.305:71913): avc: denied { open } for pid=6247 c omm="httpd" name="pcscd.pid" dev=sda3 ino=81412261 scontext=system_u:system_r:ht tpd_t:s0 tcontext=system_u:object_r:pcscd_var_run_t:s0 tclass=file type=AVC msg=audit(1350621901.305:71913): avc: denied { read } for pid=6247 c omm="httpd" name="pcscd.pid" dev=sda3 ino=81412261 scontext=system_u:system_r:ht tpd_t:s0 tcontext=system_u:object_r:pcscd_var_run_t:s0 tclass=file
mark
selinux@lists.fedoraproject.org