Bug 539519: selinux doesn't like httpd trying to read /var/run/pcscd.pid

m.roth at 5-cent.us
Thu Nov 1 20:26:44 UTC 2012


Since I posted about a week and a half ago, I haven't seen any response.

This is an example of what I think Dan was asking about.

time->Thu Nov  1 16:00:01 2012
type=SYSCALL msg=audit(1351800001.262:133107): arch=c000003e syscall=2
success=yes exit=18 a0=7ffea2fdde22 a1=0 a2=1b6 a3=0 items=0 ppid=20709
pid=20713 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48
fsgid=48 tty=(none) ses=5118 comm="httpd" exe="/usr/sbin/httpd"
subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1351800001.262:133107): avc:  denied  { open } for 
pid=20713 comm="httpd" name="pcscd.pid" dev=sda3 ino=81412261
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:pcscd_var_run_t:s0 tclass=file
type=AVC msg=audit(1351800001.262:133107): avc:  denied  { read } for 
pid=20713 comm="httpd" name="pcscd.pid" dev=sda3 ino=81412261
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:pcscd_var_run_t:s0 tclass=file

And just to clarify, I believe what's doing this is that the webserver for
svn is checking the user's smart card before allowing them to check files
out.

      mark
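
An added example, not part of the original message: one way to read the three records above is to join them on the audit event ID and reduce them to source type, target type, class and permissions, which is the shape a policy rule would take. It also compares the AVC denial with the SYSCALL result; a denial logged for a syscall that still returned success was not blocked, which is the usual sign of permissive mode. The function names and the "blocked" field are this example's own.

```python
import re
from collections import defaultdict

# Records from the post above, mail line-wrapping undone, unused SYSCALL fields omitted.
SAMPLE = """\
type=SYSCALL msg=audit(1351800001.262:133107): arch=c000003e syscall=2 success=yes exit=18 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1351800001.262:133107): avc:  denied  { open } for  pid=20713 comm="httpd" name="pcscd.pid" dev=sda3 ino=81412261 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:pcscd_var_run_t:s0 tclass=file
type=AVC msg=audit(1351800001.262:133107): avc:  denied  { read } for  pid=20713 comm="httpd" name="pcscd.pid" dev=sda3 ino=81412261 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:pcscd_var_run_t:s0 tclass=file
"""

EVENT = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+:\d+)\):")
PERMS = re.compile(r"denied\s+\{ ([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def se_type(context):
    """Return the type, the third field of user:role:type:level."""
    return context.split(":")[2]

def summarize(log):
    """Group records by audit event ID; return one summary per denied event."""
    events = defaultdict(lambda: {"perms": set(), "success": None})
    for line in log.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        rtype, event_id = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        ev = events[event_id]
        if rtype == "SYSCALL":
            ev["success"] = fields.get("success")
        elif rtype == "AVC" and (p := PERMS.search(line)):
            ev["perms"].update(p.group(1).split())
            ev.update(source=se_type(fields["scontext"]),
                      target=se_type(fields["tcontext"]),
                      tclass=fields["tclass"], name=fields.get("name"))
    out = []
    for event_id, ev in events.items():
        if ev["perms"]:
            # Unknown (None) when the event carried no SYSCALL record.
            blocked = None if ev["success"] is None else ev["success"] != "yes"
            out.append({"event": event_id, **ev, "perms": sorted(ev["perms"]), "blocked": blocked})
    return out

if __name__ == "__main__":
    for ev in summarize(SAMPLE):
        print(ev)
```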


