avc: denied { ioctl }?

Hongwei Li hongwei at wustl.edu
Wed Jun 8 14:28:20 UTC 2005


> On Tue, 2005-06-07 at 08:17 -0500, Hongwei Li wrote:
>> After I updated the policy to this version (1.17.30-2.96), from time to time
>> the system log shows a lot of error messages like this:
>>
>> Jun  6 17:51:04 morpheus kernel: audit(1118098264.336:0): avc:  denied  {
>> ioctl } for  pid=17395 exe=/usr/bin/perl path=/proc/loadavg dev=proc
>> ino=-268435456 scontext=user_u:system_r:httpd_sys_script_t
>> tcontext=system_u:object_r:proc_t tclass=file
>
> Likely should just be dontaudit'd, e.g.
> yum install selinux-policy-targeted-sources
> cd /etc/selinux/targeted/src/policy
> echo "dontaudit httpd_sys_script_t proc_t:file ioctl;" >> domains/misc/local.te
> make load
>
> --
> Stephen Smalley
> National Security Agency
>

Another question.  I installed selinux-policy-targeted-sources.  However, I
could not find local.te under domains/misc.  What I see under domain are:

misc  program  unconfined.te

Under misc I see only a folder, unused, under which are:

auth-net.te  fcron.te  kernel.te  screensaver.te  startx.te 
userspace_objmgr.te  xclient.te

but no local.te.  I don't see it under domain/program/ either.  Then, which
file should I run the above command on?

Thanks!

Hongwei
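
How the fields of the quoted denial map onto the suggested dontaudit rule, as an added example that is not part of the original thread or of the policy tooling. The helper names (parse_avc, rules_from_log) are this example's own, and the sample record is the log line from the post with the mail wrapping undone.

```python
import re

# Constructed sample: the denial quoted in the post, mail wrapping undone.
# Helper names below are this example's own, not part of any SELinux tool.
SAMPLE = ("Jun  6 17:51:04 morpheus kernel: audit(1118098264.336:0): avc:  denied  "
          "{ ioctl } for  pid=17395 exe=/usr/bin/perl path=/proc/loadavg dev=proc "
          "ino=-268435456 scontext=user_u:system_r:httpd_sys_script_t "
          "tcontext=system_u:object_r:proc_t tclass=file")

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")

def ctx_type(context):
    """A context is user:role:type (a level may follow); rules name the type."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Return the rule-relevant fields of one 'avc: denied' record, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    rec = {"perms": m.group(1).split(),
           "source": ctx_type(fields.get("scontext", "")),
           "target": ctx_type(fields.get("tcontext", "")),
           "tclass": fields.get("tclass")}
    return rec if all(rec.values()) else None

def rules_from_log(lines, keyword="dontaudit"):
    """Merge repeated denials into one rule per (source, target, class)."""
    merged = {}
    for line in lines:
        rec = parse_avc(line)
        if rec:
            key = (rec["source"], rec["target"], rec["tclass"])
            merged.setdefault(key, set()).update(rec["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        p = sorted(perms)
        perm_str = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"{keyword} {src} {tgt}:{cls} {perm_str};")
    return rules

if __name__ == "__main__":
    # Review each candidate before loading it: dontaudit only hides the
    # denial from the log, the access itself stays denied.
    for rule in rules_from_log([SAMPLE]):
        print(rule)
```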



