Bug 539519: selinux doesn't like httpd trying to read /var/run/pcscd.pid

Daniel J Walsh dwalsh at redhat.com
Fri Nov 2 13:53:01 UTC 2012


On 11/01/2012 04:26 PM, m.roth at 5-cent.us wrote:
> Since I posted about a week and a half ago, I haven't seen any response.
> 
> This is an example of what I think Dan was asking about.
> 
> time->Thu Nov  1 16:00:01 2012
> type=SYSCALL msg=audit(1351800001.262:133107): arch=c000003e syscall=2 success=yes exit=18 a0=7ffea2fdde22 a1=0 a2=1b6 a3=0 items=0 ppid=20709 pid=20713 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=5118 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1351800001.262:133107): avc:  denied  { open } for pid=20713 comm="httpd" name="pcscd.pid" dev=sda3 ino=81412261 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:pcscd_var_run_t:s0 tclass=file
> type=AVC msg=audit(1351800001.262:133107): avc:  denied  { read } for pid=20713 comm="httpd" name="pcscd.pid" dev=sda3 ino=81412261 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:pcscd_var_run_t:s0 tclass=file
> 
> And just to clarify, I believe what's doing this is that the webserver for 
> svn is checking the user's smart card before allowing them to check files 
> out.
> 
> mark
> 
Miroslav, please back port f67143c4d6f6cff20cdc3aa432c56faa37a2ac99 to Fedora 17 and RHEL6.
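
As an added example (not part of the original message and not code from the SELinux project), this Python script parses the audit event quoted above, ties the AVC denials to their SYSCALL record by audit serial number, and collapses them into one summary per source type, target type and class. The sample text is the quoted event rejoined one record per line; the function and variable names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the records quoted in the message, one record per line.
SAMPLE = """\
type=SYSCALL msg=audit(1351800001.262:133107): arch=c000003e syscall=2 success=yes exit=18 a0=7ffea2fdde22 a1=0 a2=1b6 a3=0 items=0 ppid=20709 pid=20713 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=5118 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1351800001.262:133107): avc:  denied  { open } for pid=20713 comm="httpd" name="pcscd.pid" dev=sda3 ino=81412261 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:pcscd_var_run_t:s0 tclass=file
type=AVC msg=audit(1351800001.262:133107): avc:  denied  { read } for pid=20713 comm="httpd" name="pcscd.pid" dev=sda3 ino=81412261 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:pcscd_var_run_t:s0 tclass=file
"""

EVENT_RE = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)")
PERMS_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def sel_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]


def summarize_denials(log_text):
    """Merge AVC denials per audit event and note whether the syscall succeeded."""
    syscall_ok = {}               # audit serial -> success flag from SYSCALL
    denials = defaultdict(set)    # (serial, source, target, class, name) -> perms
    for line in log_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue              # skip "time->" separators and blank lines
        rtype, _stamp, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(body)}
        if rtype == "SYSCALL":
            syscall_ok[serial] = fields.get("success") == "yes"
        elif rtype == "AVC":
            perms = PERMS_RE.search(body)
            if not perms or "scontext" not in fields or "tcontext" not in fields:
                continue          # granted or malformed record
            key = (serial, sel_type(fields["scontext"]), sel_type(fields["tcontext"]),
                   fields.get("tclass", "?"), fields.get("name", "?"))
            denials[key].update(perms.group(1).split())
    return [
        {"serial": s, "source": src, "target": tgt, "class": cls, "name": name,
         "perms": sorted(p), "syscall_succeeded": syscall_ok.get(s)}
        for (s, src, tgt, cls, name), p in sorted(denials.items())
    ]


if __name__ == "__main__":
    for row in summarize_denials(SAMPLE):
        print(row)
```

A denial whose SYSCALL record shows `success=yes`, as in this event, was logged without blocking the call, which typically means the system or the domain was running permissive.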

