Daniel J Walsh wrote:
On 09/13/2012 04:44 PM, m.roth(a)5-cent.us wrote:
> Daniel J Walsh wrote:
>> On 09/13/2012 03:24 PM, m.roth(a)5-cent.us wrote:
>>> CentOS 6.3. *Just* updated, including most current selinux-policy and
>>> selinux-policy-targeted. I'm getting tons of these, as in it's just
>>> spitting them out when I tail -f /var/log/messages: Sep 13 15:20:51
>>> <server> setroubleshoot: SELinux is preventing /bin/ps from search
>>> access on the directory @2. For complete SELinux messages. run sealert
>>> -l d92ec78b-3897-4760-93c5-343a662fec67
> <snip>
>> What are the AVC's you are seeing. What domain is running ps command.
>
> I've turned down auditd to *try* to cut down some of the garbage in the
> logs, but I still see things like: Sep 13 16:04:02 <server> kernel:
> type=1400 audit(1347566642.053:96703): avc: denied { search } for
> pid=9835 comm="ps" name="3647" dev=proc ino=20207
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=dir
>
You running passenger?
Let me guess: I just googled passenger and selinux, and I see a number of
hits to
grep httpd /var/log/audit/audit.log | audit2allow -M passenger
then
semodule -i passenger.pp
Looking in the .te, there's a *lot* of allows....
mark