-------- Original Message --------
From: Daniel J Walsh <dwalsh(a)redhat.com>
On 10/19/2012 10:48 AM, m.roth(a)5-cent.us wrote:
On 10/17/2012 01:22 PM, m.roth(a)5-cent.us wrote:
> Daniel J Walsh wrote:
>> On 10/17/2012 11:48 AM, m.roth(a)5-cent.us wrote:
>>
>> Did you check the label on /var/run/pcscd.pid? What is the actual
>> avc you are seeing?
> -rw-r--r--. root root system_u:object_r:pcscd_var_run_t:s0
> /var/run/pcscd.pid
>
> And the sealert shows just the catchall.
>
> SELinux is preventing /usr/sbin/httpd from read access on the file
> /var/run/pcscd.pid.
>
> ***** Plugin catchall (100. confidence)
> Can you execute
> ausearch -m avc
I think this is a sample of what you were asking for:
time->Fri Oct 19 00:45:01 2012
type=SYSCALL msg=audit(1350621901.305:71913): arch=c000003e syscall=2 success=yes exit=18 a0=7f0ebf4a6e22 a1=0 a2=1b6 a3=0 items=0 ppid=6184 pid=6247 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1350621901.305:71913): avc: denied { open } for pid=6247 comm="httpd" name="pcscd.pid" dev=sda3 ino=81412261 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:pcscd_var_run_t:s0 tclass=file
type=AVC msg=audit(1350621901.305:71913): avc: denied { read } for pid=6247 comm="httpd" name="pcscd.pid" dev=sda3 ino=81412261 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:pcscd_var_run_t:s0 tclass=file
mark