Attachment 596744 Details for Bug 838213 – File: description

File: description

description (text/plain), 3.20 KB, created by teppei.takasaki on 2012-07-07 09:00:12 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: teppei.takasaki

Created: 2012-07-07 09:00:12 UTC

Size: 3.20 KB

patch

obsolete

>SELinux is preventing /usr/sbin/httpd from 'execute_no_trans' accesses on the file /home/teppei/.gem/ruby/1.9.1/gems/passenger-3.0.13/agents/PassengerWatchdog.
>
>*****  Plugin leaks (86.2 confidence) suggests  ******************************
>
>If httpd ãã PassengerWatchdog file ã¸ execute_no_trans ã¢ã¯ã»ã¹ãè©¦ã¿ããã¨ããæå¦ãããããã®ã¢ã¯ã»ã¹ãå¿è¦ã¨ã¯æããªãããã
>Then ããããã°ã¨ãã¦å ±åãã¹ãã§ãã  
>ãã®ã¢ã¯ã»ã¹ãç£æ»ããªãããããã¼ã«ã«ããªã·ã¼ã¢ã¸ã¥ã¼ã«ãçæãããã¨ãå¯è½ã§ãã
>Do
># grep /usr/sbin/httpd /var/log/audit/audit.log | audit2allow -D -M mypol
># semodule -i mypol.pp
>
>*****  Plugin catchall (14.7 confidence) suggests  ***************************
>
>If httpd ã«ã PassengerWatchdog file ã® execute_no_trans ã¢ã¯ã»ã¹ãããã©ã«ãã§è¨±å¯ãããã¹ãã§ãã   
>Then ããããã°ããã¦å ±åãã¹ãã§ãã 
>ãã®ã¢ã¯ã»ã¹ãè¨±å¯ããããã«ããã¼ã«ã«ããªã·ã¼ã¢ã¸ã¥ã¼ã«ãçæãããã¨ãã§ãã¾ãã
>Do
>ãã®ã¢ã¯ã»ã¹ãä¸æçã«è¨±å¯ããã«ã¯ãä»¥ä¸ãå®è¡ãã¦ãã ããã:
># grep httpd /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>Additional Information:
>Source Context                system_u:system_r:httpd_t:s0
>Target Context                unconfined_u:object_r:user_home_t:s0
>Target Objects                /home/teppei/.gem/ruby/1.9.1/gems/passenger-3.0.13
>                              /agents/PassengerWatchdog [ file ]
>Source                        httpd
>Source Path                   /usr/sbin/httpd
>Port                          <ä¸æ>
>Host                          (removed)
>Source RPM Packages           httpd-2.2.22-4.fc17.x86_64
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.10.0-134.fc17.noarch
>Selinux Enabled               True
>Policy Type                   targeted
>Enforcing Mode                Enforcing
>Host Name                     (removed)
>Platform                      Linux (removed) 3.4.4-3.fc17.x86_64 #1 SMP Tue
>                              Jun 26 20:54:56 UTC 2012 x86_64 x86_64
>Alert Count                   2
>First Seen                    2012å¹´07æ07æ¥ 17æ58å15ç§
>Last Seen                     2012å¹´07æ07æ¥ 17æ58å16ç§
>Local ID                      b7204358-14ef-4a51-92a1-a27a1298b15c
>
>Raw Audit Messages
>type=AVC msg=audit(1341651496.104:754): avc:  denied  { execute_no_trans } for  pid=25201 comm="httpd" path="/home/teppei/.gem/ruby/1.9.1/gems/passenger-3.0.13/agents/PassengerWatchdog" dev="dm-2" ino=9442005 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
>
>
>type=SYSCALL msg=audit(1341651496.104:754): arch=x86_64 syscall=execve success=no exit=EACCES a0=7f8bb874f8f8 a1=7fff36815630 a2=7fff36818558 a3=8 items=0 ppid=25194 pid=25201 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)
>
>Hash: httpd,httpd_t,user_home_t,file,execute_no_trans
>
>audit2allowunable to open /sys/fs/selinux/policy:  Permission denied
>
>
>audit2allow -Runable to open /sys/fs/selinux/policy:  Permission denied
>
>

Actions: View

Attachments on bug 838213: 596744