Selinux error help - continued
Stephen Smalley
sds at tycho.nsa.gov
Wed Feb 7 17:12:05 UTC 2007
On Wed, 2007-02-07 at 17:08 +0000, Dan Track wrote:
> Hi Stephen.
>
> I've moved the conversation over to the selinux list. My program is
> actually Beltane which is a web front end for managing samhain ( a
> filesystem integrity checker). The point at which the problem arises
> is when a setuid binary (belatne_cp) wants to write to a file it
> creates in the /tmp directory and then it wants to move that file to
> the /var/lib/yule/profiles directory.
Sounds like you should have a separate domain for that binary, and a
separate type on that directory, so that you can give it the right
permissions without affecting anything else.
> Its at this point I get the
> selinux error:
>
> Feb 7 14:26:10 jupiter kernel: audit(1170858370.177:2547): avc:
> denied { getsession } for pid=555 comm="httpd"
> scontext=root:system_r:httpd_t tcontext=root:system_r:unconfined_t
> tclass=process
Question is what process is the target of this getsid(2) call?
You can find out more information by enabling system call auditing and
retrying. auditctl -e 1 or boot with audit=1 or run auditd.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list