Denied for com='ps' name='stat' {open} {read} {search}
Jorge Fábregas
jorge.fabregas at gmail.com
Sun Dec 26 20:38:47 UTC 2010
On Sunday, December 26, 2010 04:00:56 pm Frank Licea wrote:
> I'm on a fresh install of Fedora 14 and using phusion passenger. I
> currently have SELinux in permissive mode.
>
> When I checked my /var/log/audit/audit.log file I noticed three denial
> messages and I can't figure out why they are there. Has anyone encountered
> anything similar before?
It seems Apache (httpd_t) is trying to open/read some files that are labeled
incorrectly.

Apache (httpd_t) usually can only read files labeled as httpd_sys_content_t.
In your case, the files are labeled as "unconfined_t".

Usually you don't have this problem if you serve your pages from anywhere
within the standard location (/var/www/html). If you're serving from another,
non-standard location you must tell SELinux about it. For example, if you're
using /srv/myweb, you'll need to register this location with:

    semanage fcontext -a -t httpd_sys_content_t '/srv/myweb(/.*)?'

and then apply the labels:

    restorecon -R /srv/myweb

HTH,
Jorge
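
The following is an added example, not part of the original message: a small Python triage script that groups AVC denials from audit.log by source domain, target type and object class, so the label involved in each denial is visible before any relabeling. The log records are constructed for illustration (they are not the poster's actual denials), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log format (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1293393600.101:201): avc:  denied  { search } for  pid=2101 comm="ps" name="1850" dev=proc ino=11001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=dir
type=AVC msg=audit(1293393600.102:202): avc:  denied  { read } for  pid=2101 comm="ps" name="stat" dev=proc ino=11002 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=file
type=AVC msg=audit(1293393600.103:203): avc:  denied  { open } for  pid=2101 comm="ps" name="stat" dev=proc ino=11002 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=file
type=SYSCALL msg=audit(1293393600.103:203): arch=c000003e syscall=2 success=yes exit=3 comm="ps" exe="/bin/ps"
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of fields for an AVC denial record, or None for other lines."""
    m = AVC_RE.search(line) if line.startswith("type=AVC") else None
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    fields["perms"] = m.group("perms").split()
    return fields

def selinux_type(context):
    # A context is user:role:type:level; the type is the third component.
    return context.split(":")[2]

def summarize(log_text):
    """Group denials by (source type, target type, object class)."""
    groups = defaultdict(lambda: {"perms": set(), "comm": set(), "name": set()})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (selinux_type(rec["scontext"]), selinux_type(rec["tcontext"]), rec["tclass"])
        groups[key]["perms"].update(rec["perms"])
        groups[key]["comm"].add(rec.get("comm", "?"))
        groups[key]["name"].add(rec.get("name", "?"))
    return dict(groups)

if __name__ == "__main__":
    for (src, tgt, cls), g in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(g['perms']))} }} "
              f"comm={sorted(g['comm'])} name={sorted(g['name'])}")
```

Replacing SAMPLE_LOG with the contents of /var/log/audit/audit.log gives the same summary for real records.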