On Wednesday 06 April 2005 06:13, "Hongwei Li" <hongwei(a)wustl.edu> wrote:
I just found that my fc3 system log shows many, many entries like
below:
Apr 5 14:50:42 morpheus kernel: audit(1112730642.889:0): avc: denied {
ioctl } for pid=32509 exe=/usr/bin/perl path=/proc/loadavg dev=proc
ino=-268435456 scontext=user_u:system_r:httpd_sys_script_t
tcontext=system_u:object_r:proc_t tclass=file
To get an ioctl message there must already be read or write access granted.
In that case adding ioctl as well won't do any harm, so just add the
following to your policy source and load the new policy:
allow httpd_sys_script_t:proc_t:file ioctl;
We'll need to add that for FC4.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page