Newbie Q
Aaron Gray
aaronngray.lists at googlemail.com
Fri Mar 20 23:22:17 UTC 2009
> Aaron Gray wrote:
>> I am trying to audit2allow on F10 to allow a cgi-bin perl script to run
>> on Apache. Runs fine in permissive mode not in enforcing.
>>
>> I bought the O'Reilly SE Linux book and learned the basics but it does
>> not really seem to help me on Fedora.
>>
>> There was no /var/log/kernel so I tried /var/log/secure with the
>> following command sequence
>>
>> setenforce 0
>>
>> # access the cgi from the web
>>
>> setenforce 1
>>
>> audit2allow -l -i /var/log/secure
> The audit log file is /var/log/audit/audit.log. Note, you must have root
> privileges to read it.
>>
>>
>> What is strange also is the system is not flagging things up as a
>> notification icon anymore in enforcing mode.
Thanks for the reply.
> Do you mean the "Star" Icon which opens the SETroubleshoot browser is not
> appearing on your desktop?
Yep.
> If so are there any errors in /var/log/setroubleshoot/setroubleshootd.log?
Yep.
> Are there actually AVC messages in the /var/log/audit/audit.log file?
Yep.
> What version of setroubleshoot is installed?
F10's? Version 2.0.12
It runs when I select it from the command line but not automatically on
violations.
~~~~~~~~~~~~setroubleshootd.log~~~~~~~~~~~~
2009-03-20 16:58:15,020 [program.ERROR] setroubleshoot generated AVC,
exiting to avoid recursion, context=system_u:system_r:setroubleshootd_t:s0,
AVC scontext=system_u:system_r:setroubleshootd_t:s0
2009-03-20 16:58:15,020 [program.ERROR] audit event
node=localhost.localdomain type=AVC msg=audit(1237568294.768:209): avc:
denied { signull } for pid=2480 comm="setroubleshootd"
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tclass=process
node=localhost.localdomain type=SYSCALL msg=audit(1237568294.768:209):
arch=40000003 syscall=37 success=yes exit=0 a0=7d11 a1=0 a2=5cf70c a3=7d11
items=0 ppid=1 pid=2480 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="setroubleshootd"
exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 key=(null)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Does this give any clues?
Aaron
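
Added example, not part of the original post and not audit2allow's own code: the Python below reads audit.log-style records, keeps only the AVC denials, and turns them into type-enforcement rules of the form audit2allow prints, merging permissions per source type, target type and class. The function names are hypothetical; the first two sample records are rejoined from the log quoted in the post (the SYSCALL record is shortened), and the two httpd_sys_script_t records are constructed.

```python
import re
from collections import defaultdict

# Fields needed from one AVC denial: permissions, both contexts, object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def allow_rules(log_text):
    """Return sorted 'allow' rules for every AVC denial found in log_text."""
    perms = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL records and unrelated lines carry no denial
        key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
        perms[key].update(m["perms"].split())
    rules = []
    for (src, tgt, cls), granted in sorted(perms.items()):
        plist = sorted(granted)
        body = plist[0] if len(plist) == 1 else "{ " + " ".join(plist) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules

# Sample input. Records 1-2 come from the post (one line each, as they appear
# in /var/log/audit/audit.log); records 3-4 are constructed for illustration.
SAMPLE = """\
node=localhost.localdomain type=AVC msg=audit(1237568294.768:209): avc:  denied  { signull } for  pid=2480 comm="setroubleshootd" scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
node=localhost.localdomain type=SYSCALL msg=audit(1237568294.768:209): arch=40000003 syscall=37 success=yes exit=0 comm="setroubleshootd"
type=AVC msg=audit(1237568300.100:210): avc:  denied  { read } for  pid=2500 comm="test.pl" scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1237568300.101:211): avc:  denied  { getattr } for  pid=2500 comm="test.pl" scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
"""

if __name__ == "__main__":
    for rule in allow_rules(SAMPLE):
        print(rule)
```

Each rule grants exactly what was denied, so a relabel of the target file or an existing boolean is often the narrower fix than loading the generated rule.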