A quick avc question - identifying source file

Daniel J Walsh dwalsh at redhat.com
Mon Oct 21 20:53:11 UTC 2013



On 10/21/2013 04:50 PM, m.roth at 5-cent.us wrote:
> Daniel J Walsh wrote:
>> On 10/21/2013 04:28 PM, Daniel J Walsh wrote:
>>> On 10/21/2013 04:24 PM, m.roth at 5-cent.us wrote:
>>>> The sealert tells me that a file named index.cgi is running avc on 
>>>> sysfs_t. Is there any tool that would get me the *full* path of 
>>>> index.cgi, as there are several of them, for several websites 
>>>> (including bugzilla)?
>>> 
>>>> CentOS 6.4.
>>> 
>>> You can turn on full auditing which should generate the path.
> <snip>
>>> Or you can turn it on temporarily (Until next reboot)
>>> 
>>> auditctl -w /etc/shadow
>> 
>> Here is a blog I wrote on this a few years back.
>> 
>> http://danwalsh.livejournal.com/34903.html?thread=220247
> 
> No joy, anywhere. I found some AVC's and looked at the inode... 
> /dev/char/203.11. And the sealert tells me only (for example) SELinux is 
> preventing /usr/bin/perl from read access on the file 
> /sys/devices/system/node/node0/meminfo.
> 
> Obviously, index.cgi is in perl....
> 
> mark
> 
Well it would only happen after the next AVC.
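
Added example, not part of the original message or the audit tools: once an audit rule is loaded, the next AVC is logged together with SYSCALL, CWD and PATH records that share its `msg=audit(timestamp:serial)` id, and this sketch groups them to show which working directory a denied `index.cgi` ran from. The log lines are constructed, the function names are hypothetical, and treating the CWD as the script's directory assumes the web server starts each CGI in its own directory.

```python
import re
from collections import defaultdict

# Constructed sample records (not from the thread); pids, inodes, contexts and paths are made up.
SAMPLE_LOG = """\
type=AVC msg=audit(1382388650.480:4501): avc:  denied  { read } for  pid=2057 comm="index.cgi" name="meminfo" dev=sysfs ino=31 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
type=AVC msg=audit(1382388791.123:4567): avc:  denied  { read } for  pid=2101 comm="index.cgi" name="meminfo" dev=sysfs ino=31 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
type=SYSCALL msg=audit(1382388791.123:4567): arch=c000003e syscall=2 success=no exit=-13 pid=2101 comm="index.cgi" exe="/usr/bin/perl" key=(null)
type=CWD msg=audit(1382388791.123:4567):  cwd="/var/www/site-a/cgi-bin"
type=PATH msg=audit(1382388791.123:4567): item=0 name="/sys/devices/system/node/node0/meminfo" inode=31 dev=00:00
"""

HEADER = re.compile(r'^type=(\w+) msg=audit\(([\d.]+:\d+)\):\s*(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group audit records by event id (timestamp:serial), then by record type."""
    events = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # skip anything that is not an audit record
        rtype, event_id, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        events[event_id][rtype].append(fields)
    return events

def summarize_avcs(text):
    """One row per AVC, joined with the SYSCALL/CWD/PATH records of the same event."""
    rows = []
    for event_id, recs in parse_events(text).items():
        for avc in recs.get("AVC", []):
            syscall = (recs.get("SYSCALL") or [{}])[0]
            cwd = (recs.get("CWD") or [{}])[0]
            rows.append({
                "event": event_id,
                "comm": avc.get("comm"),
                "exe": syscall.get("exe"),    # None when only the bare AVC was logged
                "cwd": cwd.get("cwd"),        # assumed to be the CGI script's directory
                "paths": [p["name"] for p in recs.get("PATH", []) if "name" in p],
                "tcontext": avc.get("tcontext"),
            })
    return rows

if __name__ == "__main__":
    for row in summarize_avcs(SAMPLE_LOG):
        print(row)
```

The first constructed event carries only the AVC record, so its `exe`, `cwd` and `paths` come back empty; the second, logged after a rule was in place, has all three.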
