"denied" error message
Stephen Smalley
sds at tycho.nsa.gov
Thu Jul 26 12:36:41 UTC 2007
On Wed, 2007-07-25 at 16:03 -0400, Bill Tangren wrote:
> Bill Tangren wrote:
> > I have the following error message showing up in my audit logs. This is
> > on an SELinux-enabled web server (running RHEL ES 4, fully patched).
> > This is actually an selinux error, so if this not the correct place to
> > ask this question, please let me know.
> >
>
> Never mind. I got at least a partial answer by googling NSA's selinux mailing
> list archive. I quote from one of those pages:
>
> "Typically, that audit message suggests that kernel is translating PROT_READ
> requests by that binary to PROT_READ|PROT_EXECUTE in order to provide
> compatibility with "legacy" binaries that presumed read-implies-exec logic."
>
> This is an old program that is calling shared libraries. It isn't hurting the
> program, but it is filling up my audit logs. I guess I'll leave it alone.
>
> Thanks anyway.
>
Options:
- Rebuild the program with current compiler toolchain.
- Try to mark the program as not requiring an executable stack,
cp /location/of/bin/aa_pap8 /location/of/bin/aa_pap8.orig
execstack -c /location/of/bin/aa_pap8
- Modify your policy to dontaudit the permission or to allow it, as
required.
--
Stephen Smalley
National Security Agency
More information about the Linux-audit
mailing list