Re: Selinux error help - continued
- From: Stephen Smalley <sds tycho nsa gov>
- To: Dan Track <dan track gmail com>
- Cc: Daniel J Walsh <dwalsh redhat com>, fedora-selinux-list redhat com
- Subject: Re: Selinux error help - continued
- Date: Thu, 08 Feb 2007 11:36:36 -0500
On Thu, 2007-02-08 at 16:31 +0000, Dan Track wrote:
> On 2/8/07, Stephen Smalley <sds tycho nsa gov> wrote:
> > On Thu, 2007-02-08 at 16:09 +0000, Dan Track wrote:
> > > I've tried to capture the process information that is triggering these
> > > alerts but so far I'm failing. Basically the web page is just a form
> > > which you submit; as soon as you press the submit button, the whole
> > > process is over in a second.
> >
> > Well, you could just wrap the script under strace or autrace or
> > something similar.
> >
> > Question: What happens if you don't allow the getsession permission but
> > just fix up the file permissions by running chcon as I suggested? Does
> > the getsession denial actually prevent it from working?
> >
> > --
>
> Hi
>
> I just ran the chcon command you gave and now the web page script
> works fine. So it seems to have fixed the problem. But I'm still
> intrigued by your investigation, and I'd like to continue it.
>
> Since this is a httpd process how would I run strace on any child
> process that may appear?

You could wrap your current script with a script that invokes it with
strace -f -ff -o /tmp/webtrace <nameofrealscript>. Or, at a cost of
tracing the entire apache process and all descendants, you could do:

# /etc/init.d/httpd stop
# strace -f -ff -o webtrace /usr/sbin/httpd

Then you should see a webtrace.<pid> file for each process created by
httpd with the trace information, in which you can grep for a call to
getsid and see the pid that was passed to it (and possibly how it was
obtained in the first place, from the preceding calls).

--
Stephen Smalley
National Security Agency
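
Added example, not part of the original message: a small shell function that walks the webtrace.<pid> files described above, reports each getsid call with the pid passed to it, and shows the calls that preceded it in the same process. The function name find_getsid and its context argument are hypothetical, and it assumes strace's default line format (no timestamp options).

```shell
#!/bin/sh
# Summarise getsid() calls in per-process strace output.
# Assumption: files are named <prefix>.<pid>, as written by
# `strace -f -ff -o <prefix> ...`, and each line starts with the syscall name.

# find_getsid PREFIX [CONTEXT]
#   PREFIX   path prefix given to strace -o (e.g. /tmp/webtrace)
#   CONTEXT  number of preceding syscalls to show per hit (default 3)
# Output per hit: "<calling pid> getsid(<pid argument>) = <result>",
# then up to CONTEXT indented lines with the calls that came just before it.
find_getsid() {
    prefix=$1
    context=${2:-3}
    for f in "$prefix".*; do
        [ -f "$f" ] || continue
        caller=${f##*.}          # pid of the traced process, from the suffix
        awk -v caller="$caller" -v n="$context" '
            /^getsid\(/ {
                # Pull out the pid argument and the return value.
                arg = $0; sub(/^getsid\(/, "", arg); sub(/\).*/, "", arg)
                res = $0; sub(/.*= */, "", res)
                printf "%s getsid(%s) = %s\n", caller, arg, res
                # Replay the ring buffer, oldest first.
                for (i = n; i >= 1; i--)
                    if (NR - i >= 1) printf "    %s\n", hist[(NR - i) % n]
            }
            # Remember the last n lines of this file in a ring buffer.
            { if (n > 0) hist[NR % n] = $0 }
        ' "$f"
    done
}
```

Call it as `find_getsid /tmp/webtrace` after the traced request has completed; the calling pid on each hit identifies which webtrace.<pid> file to read in full.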