Why httpd wants to access /boot?
Daniel J Walsh
dwalsh at redhat.com
Thu Aug 23 10:55:16 UTC 2012
On 08/21/2012 04:06 AM, Georgios Petasis wrote:
> On 20/8/2012 12:53, Daniel J Walsh wrote:
>> On 08/19/2012 02:09 PM, Georgios Petasis wrote:
>>> Hi all,
>>>
>>> I am getting this strange selinux denial, each time the httpd server
>>> is restarted:
>>>
>>> type=AVC msg=audit(1345399262.193:190): avc: denied { getattr } for
>>> pid=3900 comm="httpd" path="/boot" dev="sda2" ino=2
>>> scontext=system_u:system_r:httpd_t:s0
>>> tcontext=system_u:object_r:boot_t:s0 tclass=dir
>>>
>>> Does anyone know why it is trying to read /boot?
>>>
>>> grep "/boot" and "boot" in all files in /etc/httpd didn't show any
>>> matches.
>>>
>>> George
>> More than likely some kind of listing of / or is /boot a mount point, it
>> could be looking at all mount points. Usually these we dontaudit, since
>> it is probably just noise.
>
> Yes, /boot is a mount point. Can I somehow disable the notification I am
> getting about this on my desktop?
>
> George
You can add a dontaudit rule:
# grep /boot /var/log/audit/audit.log | audit2allow -D -M myhttpd
# semodule -i myhttpd.pp
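
The denial quoted in this thread maps to a single dontaudit rule. As an added example (not part of the original message and not audit2allow's own code), this Python script parses the AVC record from the thread and builds module source in the style audit2allow -D emits; the function names parse_avc, fmt and dontaudit_module are hypothetical.

```python
import re

# The denial quoted in the thread, joined onto one line as audit.log stores it.
SAMPLE = ('type=AVC msg=audit(1345399262.193:190): avc: denied { getattr } for '
          'pid=3900 comm="httpd" path="/boot" dev="sda2" ino=2 '
          'scontext=system_u:system_r:httpd_t:s0 '
          'tcontext=system_u:object_r:boot_t:s0 tclass=dir')

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')

def parse_avc(line):
    """Extract source type, target type, class and permissions from one denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None  # not an AVC denial (e.g. a SYSCALL record)
    fields = dict(kv.split('=', 1) for kv in m.group('rest').split() if '=' in kv)
    if not all(k in fields for k in ('scontext', 'tcontext', 'tclass')):
        return None
    # A context is user:role:type[:level]; the type is the third component.
    return {'source': fields['scontext'].split(':')[2],
            'target': fields['tcontext'].split(':')[2],
            'tclass': fields['tclass'],
            'perms': m.group('perms').split()}

def fmt(perms):
    """Policy syntax: a bare name for one permission, braces for several."""
    perms = sorted(perms)
    return perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'

def dontaudit_module(name, lines):
    """Build module source that silences (does not allow) the parsed denials."""
    rules = {}  # (source, target, class) -> set of permissions
    for avc in filter(None, map(parse_avc, lines)):
        key = (avc['source'], avc['target'], avc['tclass'])
        rules.setdefault(key, set()).update(avc['perms'])
    types = sorted({t for s, tgt, _ in rules for t in (s, tgt)})
    classes = {}
    for (_, _, cls), perms in rules.items():
        classes.setdefault(cls, set()).update(perms)
    out = ['module %s 1.0;' % name, '', 'require {']
    out += ['\ttype %s;' % t for t in types]
    out += ['\tclass %s %s;' % (c, fmt(p)) for c, p in sorted(classes.items())]
    out += ['}', '']
    out += ['dontaudit %s %s:%s %s;' % (s, t, c, fmt(p))
            for (s, t, c), p in sorted(rules.items())]
    return '\n'.join(out) + '\n'

if __name__ == '__main__':
    print(dontaudit_module('myhttpd', [SAMPLE]))
```

A dontaudit rule hides the denial without granting the access. While debugging, semodule -DB rebuilds the policy with dontaudit rules disabled so hidden denials are logged again, and semodule -B restores them.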