avc: denied { ioctl }?
Hongwei Li
hongwei at wustl.edu
Wed Jun 8 13:53:29 UTC 2005
> On Tue, 2005-06-07 at 08:17 -0500, Hongwei Li wrote:
>> After I updated the policy to this version (1.17.30-2.96), from time to time
>> the system log shows a lot of error messages like this:
>>
>> Jun 6 17:51:04 morpheus kernel: audit(1118098264.336:0): avc: denied {
>> ioctl } for pid=17395 exe=/usr/bin/perl path=/proc/loadavg dev=proc
>> ino=-268435456 scontext=user_u:system_r:httpd_sys_script_t
>> tcontext=system_u:object_r:proc_t tclass=file
>
> Likely should just be dontaudit'd, e.g.
> yum install selinux-policy-targeted-sources
> cd /etc/selinux/targeted/src/policy
> echo "dontaudit httpd_sys_script_t proc_t:file ioctl;" >>
> domains/misc/local.te
> make load
>
> --
> Stephen Smalley
> National Security Agency
Thanks for the help. The strnage thing is that after June 6, 18:00, this
message avc: denied { ioctl }... suddenly does not show up any more (up to
now, June 8, 9am). If it shows up again, I will do the above. Now, I am just
curious what happened. I did not change the policy in these two days, did not
change any system setting either. What does the error message mean? What is
loadavg?
Thanks!
Hongwei Li
More information about the selinux
mailing list