Bug 1025070
Summary: | SELinux is preventing /usr/bin/perl from 'read' accesses on the directory cpu. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Rodd Clarkson <rodd> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 20 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl, rodd |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:4a242264f5aa09881c93e36e65fb652c82ce5de12ebcf3ef503cdaa3ec7afcfa | ||
Fixed In Version: | selinux-policy-3.12.1-116.fc20 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-01-16 07:09:06 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Rodd Clarkson
2013-10-30 23:27:45 UTC
I tried running: # grep index.cgi /var/log/audit/audit.log | audit2allow -M mypol as suggested and got: # grep index.cgi /var/log/audit/audit.log | audit2allow -M mypol compilation failed: sh: /usr/bin/checkmodule: No such file or directory Running # grep index.cgi /var/log/audit/audit.log works fine (at least it outputs stuff) yum install checkpolicy Will fix that problem. What is the location of the index.cgi? Is this something you wrote? index.cgi is a perl script I've written and have been using for some 10 years now (with the occasional alteration, but most unchanged). I can provide you with the script if you like. I don't know what the 'directory cpu' is. I'm assuming it's a directory called cpu, but I haven't made this, so I assumed this was a perl running on fedora issue. /sys/bus/cpu /sys/bus/event_source/devices/cpu /sys/devices/cpu /sys/devices/system/cpu Is what it is trying to read. It could be an upgrade to perl which now checks one of these files. Did your script work correctly? Yeah, the script works fine. I had switched to Permissive, but switching back to Enforcing it still works and there's nothing in the httpd log files that suggests it's an issue. I added dev_list_sysfs(httpd_sys_script_t) to .git. 4340e59155b7f34de781bc269429f14f919dd8de fixes this in git. selinux-policy-3.12.1-116.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-116.fc20 Package selinux-policy-3.12.1-116.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-116.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-0806/selinux-policy-3.12.1-116.fc20 then log in and leave karma (feedback). selinux-policy-3.12.1-116.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. |