SELinux is preventing /bin/ps from search access...

m.roth at 5-cent.us m.roth at 5-cent.us
Thu Sep 13 21:09:25 UTC 2012


Daniel J Walsh wrote:
> On 09/13/2012 04:44 PM, m.roth at 5-cent.us wrote:
>> Daniel J Walsh wrote:
>>> On 09/13/2012 03:24 PM, m.roth at 5-cent.us wrote:
>>>> CentOS 6.3. *Just* updated, including most current selinux-policy and
>>>> selinux-policy-targeted. I'm getting tons of these, as in it's just
>>>> spitting them out when I tail -f /var/log/messages: Sep 13 15:20:51
>>>> <server> setroubleshoot: SELinux is preventing /bin/ps from search
>>>> access on the directory @2. For complete SELinux messages. run sealert
>>>> -l d92ec78b-3897-4760-93c5-343a662fec67
>> <snip>
>>> What are the AVC's you are seeing.  What domain is running ps command.
>>
>> I've turned down auditd to *try* to cut down some of the garbage in the
>> logs, but I still see things like: Sep 13 16:04:02 <server> kernel:
>> type=1400 audit(1347566642.053:96703): avc:  denied  { search } for
>> pid=9835 comm="ps" name="3647" dev=proc ino=20207
>> scontext=unconfined_u:system_r:httpd_t:s0
>> tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=dir
>>
> You running passenger?

Let me guess: I just googled passenger and selinux, and I see a number of
hits to
grep httpd /var/log/audit/audit.log | audit2allow -M passenger
then
semodule -i passenger.pp

Looking in the .te, there's a *lot* of allows....

    mark
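
An added example, not part of the original message: a way to see which allow rules a set of AVC denials would turn into, with the number of denials and the triggering command beside each rule, so a generated .te with many allows can be read before semodule -i. The names summarize, render and SAMPLE are assumptions made for this sketch, and the second sample record is constructed.

```python
import re
from collections import defaultdict

# Constructed sample input. Record 1 is the denial quoted in the thread;
# record 2 is made up to show a second target type and a multi-permission rule.
SAMPLE = """\
type=1400 audit(1347566642.053:96703): avc:  denied  { search } for pid=9835 comm="ps" name="3647" dev=proc ino=20207 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=dir
type=1400 audit(1347566642.060:96704): avc:  denied  { getattr search } for pid=9835 comm="ps" name="1" dev=proc ino=4242 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir
"""

AVC = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<src>\S+)\s+tcontext=(?P<tgt>\S+)\s+tclass=(?P<cls>\S+)')


def selinux_type(context):
    """user:role:type:level -> type (the MLS level may contain more colons)."""
    return context.split(":")[2]


def summarize(lines):
    """Group denials by (source type, target type, class): one allow rule per key."""
    rules = defaultdict(lambda: {"perms": set(), "comms": set(), "count": 0})
    for line in lines:
        m = AVC.search(line)
        if m is None:
            continue  # not an AVC denial record
        key = (selinux_type(m["src"]), selinux_type(m["tgt"]), m["cls"])
        rules[key]["perms"].update(m["perms"].split())
        rules[key]["comms"].add(m["comm"])
        rules[key]["count"] += 1
    return dict(rules)


def render(rules):
    """One line per rule: the allow statement plus the evidence behind it."""
    out = []
    for (src, tgt, cls), r in sorted(rules.items()):
        perms = " ".join(sorted(r["perms"]))
        if len(r["perms"]) > 1:
            perms = "{ " + perms + " }"
        out.append(f"allow {src} {tgt}:{cls} {perms};  # {r['count']} denial(s), "
                   f"comm={','.join(sorted(r['comms']))}")
    return out


if __name__ == "__main__":
    print("\n".join(render(summarize(SAMPLE.splitlines()))))
```

For the denial in the thread this yields a rule letting httpd_t search crond_t directories, which is the kind of line to weigh individually rather than load as part of a bulk module.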


