Bugzilla's AVC: denied
Daniel J Walsh
dwalsh at redhat.com
Mon Jul 2 18:14:42 UTC 2007
Pedro Silva wrote:
> I'm using Bugzilla from the Fedora repository in a F7 system.
> These are the AVC: denied I got so far.
>
> type=AVC msg=audit(1182965584.648:92): avc: denied { read } for pid=3437 comm="index.cgi" name="resolv.conf" dev=dm-0 ino=1211246 scontext=root:system_r:httpd_bugzilla_script_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
>
Any idea why bugzilla is reading resolv.conf? Is it trying to
translate a UID?
> type=AVC msg=audit(1182965584.648:93): avc: denied { create } for pid=3437 comm="index.cgi" scontext=root:system_r:httpd_bugzilla_script_t:s0 tcontext=root:system_r:httpd_bugzilla_script_t:s0 tclass=udp_socket
Why is it trying to create a udp socket?
>
> type=AVC msg=audit(1183036604.813:648): avc: denied { read write } for pid=16313 comm="sendmail" name="[335348]" dev=sockfs ino=335348 scontext=root:system_r:system_mail_t:s0 tcontext=root:system_r:httpd_bugzilla_script_t:s0 tclass=unix_stream_socket
This looks potentially like a leaked file descriptor? Or is sendmail
reading and writing to a unix_stream_socket created by the bugzilla cgi?
Could you run this in permissive mode to gather all of the avc messages?
>
> This last one is the only one that keeps happening after the initial
> configuration.
>
> Bugzilla seems to work just fine; no mail notification seems to be lost.
>
> The mailer in this system is Postfix.
>
> I think Bugzilla is trying to create a file in /var/lib/bugzilla/data
> without success.
>
> --
>
> CERTISIGN <http://www.certisign.com.br/>
> Pedro Silva
> Development Specialist
> (21) 4501 1026
>
> Certisign Certificadora Digital
> certisign.com.br <http://www.certisign.com.br/>
>
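A triage helper for denials like the ones in this thread, added here as an example and not part of the original messages: it parses each AVC record into fields and flags the pattern the reply describes as a possible leaked file descriptor. The heuristic in `looks_leaked`, the `FD_CLASSES` set and all function names are assumptions of this example, not part of any SELinux tool.

```python
import re

# The three denials quoted in the thread, each rejoined onto one line.
SAMPLE = """\
type=AVC msg=audit(1182965584.648:92): avc: denied { read } for pid=3437 comm="index.cgi" name="resolv.conf" dev=dm-0 ino=1211246 scontext=root:system_r:httpd_bugzilla_script_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
type=AVC msg=audit(1182965584.648:93): avc: denied { create } for pid=3437 comm="index.cgi" scontext=root:system_r:httpd_bugzilla_script_t:s0 tcontext=root:system_r:httpd_bugzilla_script_t:s0 tclass=udp_socket
type=AVC msg=audit(1183036604.813:648): avc: denied { read write } for pid=16313 comm="sendmail" name="[335348]" dev=sockfs ino=335348 scontext=root:system_r:system_mail_t:s0 tcontext=root:system_r:httpd_bugzilla_script_t:s0 tclass=unix_stream_socket
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Object classes that are usually reached through an inherited descriptor
# rather than opened by path (assumption of this example).
FD_CLASSES = {"unix_stream_socket", "unix_dgram_socket", "tcp_socket",
              "udp_socket", "fifo_file"}
USE_ONLY = {"read", "write", "append", "getattr", "ioctl"}

def parse_avc(line):
    """Return a dict of the record's fields, or None if it is not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if "scontext" not in rec or "tcontext" not in rec:
        return None
    rec["perms"] = m.group(1).split()
    # A context is user:role:type:level; the type is the third field.
    rec["sdomain"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def looks_leaked(rec):
    """Heuristic: a process only uses (never creates) a socket or pipe that is
    labelled with a different domain's type, as an inherited descriptor would be."""
    return (rec.get("tclass") in FD_CLASSES
            and rec["sdomain"] != rec["ttype"]
            and set(rec["perms"]) <= USE_ONLY)

def triage(text):
    """Return (comm, tclass, perms, leaked?) for every denial in the text."""
    recs = filter(None, (parse_avc(l) for l in text.splitlines()))
    return [(r.get("comm"), r.get("tclass"), r["perms"], looks_leaked(r)) for r in recs]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

A flagged record is only a candidate: as the reply notes, gathering the full set of denials in permissive mode is what shows whether the descriptor was inherited by accident or is used on purpose.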