https://bugzilla.redhat.com/show_bug.cgi?id=1887111
--- Comment #2 from W Agtail <crash70(a)ymail.com> ---
SELinux is preventing graph.cgi from read access on the directory cpu.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that graph.cgi should be allowed read access on the cpu
directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'graph.cgi' --raw | audit2allow -M my-graphcgi
# semodule -X 300 -i my-graphcgi.pp
Additional Information:
Source Context system_u:system_r:dspam_script_t:s0
Target Context system_u:object_r:sysfs_t:s0
Target Objects cpu [ dir ]
Source graph.cgi
Source Path graph.cgi
Port <Unknown>
Host kvm7.home.local
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-3.14.5-43.fc32.noarch
Local Policy RPM
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name kvm7.home.local
Platform Linux kvm7.home.local 5.8.11-200.fc32.x86_64 #1
SMP Wed Sep 23 13:51:28 UTC 2020 x86_64 x86_64
Alert Count 57
First Seen 2020-10-06 22:03:10 BST
Last Seen 2020-10-10 23:29:25 BST
Local ID d7c006a1-31d8-41da-9e86-20b7ba61975c
Raw Audit Messages
type=AVC msg=audit(1602368965.274:78914): avc: denied { read } for
pid=2979679 comm="graph.cgi" name="cpu" dev="sysfs" ino=33
scontext=system_u:system_r:dspam_script_t:s0
tcontext=system_u:object_r:sysfs_t:s0 tclass=dir permissive=1
Hash: graph.cgi,dspam_script_t,sysfs_t,dir,read
--
You are receiving this mail because:
You are on the CC list for the bug.