From: Daniel J Walsh <dwalsh(a)redhat.com>
On 10/17/2012 01:22 PM, m.roth(a)5-cent.us wrote:
Daniel J Walsh wrote:
> On 10/17/2012 11:48 AM, m.roth(a)5-cent.us wrote:
>
> Did you check the label on /var/run/pcscd.pid? What is the actual avc
> you are seeing?
-rw-r--r--. root root system_u:object_r:pcscd_var_run_t:s0 /var/run/pcscd.pid
And the sealert shows just the catchall.
SELinux is preventing /usr/sbin/httpd from read access on the file /var/run/pcscd.pid.
***** Plugin catchall (100. confidence)
Can you execute
ausearch -m avc
and get the AVCs that way?
I was out yesterday, which is why I didn't get back to you before.
Yup, and get a ton of
type=AVC msg=audit(1350608218.778:42990): avc: denied { read write } for pid=27757 comm="iptables" path="socket:[20864]" dev=sockfs ino=20864 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
mark
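
One way to sort through a large volume of `ausearch -m avc` output like that described above, as an added example that is not part of the original thread: a small Python parser that groups denials by command, source type, target type, class and permissions, so the httpd denial stands out from the iptables records. The iptables record is the one quoted in the message; the httpd record is constructed to match the sealert summary, and its pid, dev, ino and scontext user are assumptions.

```python
import re
from collections import Counter

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Record quoted in the thread.
IPTABLES_LINE = (
    'type=AVC msg=audit(1350608218.778:42990): avc: denied { read write } for '
    'pid=27757 comm="iptables" path="socket:[20864]" dev=sockfs ino=20864 '
    'scontext=system_u:system_r:iptables_t:s0 '
    'tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket')
# Constructed record shaped like the sealert summary (values are made up).
HTTPD_LINE = (
    'type=AVC msg=audit(1350608300.101:43001): avc: denied { read } for '
    'pid=1234 comm="httpd" name="pcscd.pid" dev=dm-0 ino=5555 '
    'scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:object_r:pcscd_var_run_t:s0 tclass=file')
# Constructed input: the iptables record repeated to mimic "a ton of" them.
SAMPLE = "\n".join([IPTABLES_LINE] * 3 + [HTTPD_LINE]) + "\n"

def parse_avc(line):
    """Return the fields of one AVC denial record, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if not {"comm", "scontext", "tcontext", "tclass"} <= rec.keys():
        return None  # truncated or unusual record; skip rather than guess
    rec["perms"] = tuple(m.group(1).split())
    # Contexts are user:role:type:level; the type field drives the decision.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def summarize(text):
    """Count denials per (comm, source type, target type, class, perms)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            counts[(rec["comm"], rec["stype"], rec["ttype"],
                    rec["tclass"], rec["perms"])] += 1
    return counts

def denials_for(text, comm):
    """Keep only the summarized denials raised by one command name."""
    return {k: n for k, n in summarize(text).items() if k[0] == comm}

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```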