avc: denied { ioctl }?

Hongwei Li hongwei at wustl.edu
Wed Jun 8 13:53:29 UTC 2005


> On Tue, 2005-06-07 at 08:17 -0500, Hongwei Li wrote:
>> After I updated the policy to this version (1.17.30-2.96), from time to time
>> the system log shows a lot of error messages like this:
>>
>> Jun  6 17:51:04 morpheus kernel: audit(1118098264.336:0): avc:  denied  {
>> ioctl } for  pid=17395 exe=/usr/bin/perl path=/proc/loadavg dev=proc
>> ino=-268435456 scontext=user_u:system_r:httpd_sys_script_t
>> tcontext=system_u:object_r:proc_t tclass=file
>
> Likely should just be dontaudit'd, e.g.
> yum install selinux-policy-targeted-sources
> cd /etc/selinux/targeted/src/policy
> echo "dontaudit httpd_sys_script_t proc_t:file ioctl;" >>
> domains/misc/local.te
> make load
>
> --
> Stephen Smalley
> National Security Agency

Thanks for the help.  The strnage thing is that after June 6, 18:00, this
message avc:  denied  { ioctl }... suddenly does not show up any more (up to
now, June 8, 9am).  If it shows up again, I will do the above.  Now, I am just
curious what happened.  I did not change the policy in these two days, did not
change any system setting either.  What does the error message mean?  What is
loadavg?

Thanks!

Hongwei Li





More information about the selinux mailing list