Newbie Q

Aaron Gray aaronngray.lists at googlemail.com
Fri Mar 20 23:22:17 UTC 2009


> Aaron Gray wrote:
>> I am trying to audit2allow on F10 to allow a cgi-bin perl script to run 
>> on Apache. Runs fine in permissive mode not in enforcing.
>>
>> I bought the O'Reilly SE Linux book and learned the basics but it does 
>> not really seem to help me on Fedora.
>>
>> There was no /var/log/kernel so I tried /var/log/secure with the 
>> following command sequence
>>
>>    setenforce 0
>>
>>    # access the cgi from the web
>>
>>    setenforce 1
>>
>>    audit2allow -l -i /var/log/secure
> The audit log file is /var/log/audit/audit.log. Note, you must have root 
> privileges to read it.
>>
>>
>> What is strange also is the system is not flagging things up as a 
>> notification icon anymore in enforcing mode.

Thanks for the reply.

> Do you mean the "Star" Icon which opens the SETroubleshoot browser is not 
> appearing on your desktop?

Yep.

> If so are there any errors in /var/log/setroubleshoot/setroubleshootd.log?

Yep.

> Are there actually AVC messages in the /var/log/audit/audit.log file?

Yep.

> What version of setroubleshoot is installed?

F10's ? Version 2.0.12

It runs when I select it from the command line but not automatically on 
violations.

~~~~~~~~~~~~setroubleshootd.log~~~~~~~~~~~~
2009-03-20 16:58:15,020 [program.ERROR] setroubleshoot generated AVC, 
exiting to avoid recursion, context=system_u:system_r:setroubleshootd_t:s0, 
AVC scontext=system_u:system_r:setroubleshootd_t:s0
2009-03-20 16:58:15,020 [program.ERROR] audit event
node=localhost.localdomain type=AVC msg=audit(1237568294.768:209): avc: 
denied  { signull } for  pid=2480 comm="setroubleshootd" 
scontext=system_u:system_r:setroubleshootd_t:s0 
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 
tclass=process

node=localhost.localdomain type=SYSCALL msg=audit(1237568294.768:209): 
arch=40000003 syscall=37 success=yes exit=0 a0=7d11 a1=0 a2=5cf70c a3=7d11 
items=0 ppid=1 pid=2480 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 
egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="setroubleshootd" 
exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 key=(null)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Does this give any clues?

Aaron
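
Added example, not part of the original message and not audit2allow's own code: a small Python parser that turns AVC denial records such as the one in the log excerpt above into the allow rule they imply, so the rule can be read and reviewed before any policy module is built. The function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# AVC record from the post's log excerpt, re-joined onto one line as it would
# appear in /var/log/audit/audit.log; the SYSCALL record is shortened.
# Function and variable names below are hypothetical, chosen for this example.
SAMPLE = (
    'node=localhost.localdomain type=AVC msg=audit(1237568294.768:209): avc: '
    'denied  { signull } for  pid=2480 comm="setroubleshootd" '
    'scontext=system_u:system_r:setroubleshootd_t:s0 '
    'tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 '
    'tclass=process\n'
    'node=localhost.localdomain type=SYSCALL msg=audit(1237568294.768:209): '
    'arch=40000003 syscall=37 success=yes exit=0\n'
)

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """Return the type field (third) of user:role:type[:level]."""
    parts = context.split(':')
    if len(parts) < 3:
        raise ValueError('malformed context: %r' % context)
    return parts[2]

def denials_to_rules(log_text):
    """Group AVC denials by (source type, target type, class) into allow rules."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL and other record types carry no permission set
        key = (selinux_type(m['scon']), selinux_type(m['tcon']), m['tclass'])
        grouped[key].update(m['perms'].split())
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        perm_str = p[0] if len(p) == 1 else '{ ' + ' '.join(p) + ' }'
        rules.append('allow %s %s:%s %s;' % (src, tgt, cls, perm_str))
    return rules

if __name__ == '__main__':
    for rule in denials_to_rules(SAMPLE):
        print(rule)
```

Each emitted rule names exactly which domain would gain which permission on which target type, which is the thing to check before accepting a generated module.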



