Bug 1301186

Summary: Mediawiki 1.26.X require additional rules.
Product: Red Hat Enterprise Linux 7
Reporter: Frank Büttner <bugzilla>
Component: selinux-policy
Assignee: Simon Sekidde <ssekidde>
Status: CLOSED ERRATA
QA Contact: Jan Zarsky <jzarsky>
Severity: low
Priority: low
Version: 7.2
CC: jzarsky, lvrabec, mgrepl, mmalik, plautrba, pvrabec, ssekidde
Target Milestone: rc
Hardware: All
OS: Linux
Fixed In Version: selinux-policy-3.13.1-80.el7
Doc Type: Bug Fix
Last Closed: 2016-11-04 02:40:44 UTC
Type: Bug

Description Frank Büttner 2016-01-22 19:45:52 UTC
Description of problem:
The SyntaxHighlight module included with it now uses Pygments.
This requires two additional SELinux rules.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.13.1-60.el7.noarch

How reproducible:
Every time

Steps to Reproduce:
1. Use <syntaxhighlight> in a wiki page

Actual results:
SELinux denial messages.

Expected results:
working SyntaxHighlight module

Additional info:
needed rules:
allow httpd_t mediawiki_rw_content_t:file execute_no_trans;
allow httpd_t mediawiki_rw_content_t:file execute;

log:
grep httpd /var/log/audit/audit.log
type=AVC msg=audit(1453489626.989:133716): avc:  denied  { execute } for  pid=26950 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489626.989:133716): arch=c000003e syscall=59 success=no exit=-13 a0=944d30 a1=944460 a2=943050 a3=7ffc79a19c00 items=0 ppid=5236 pid=26950 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489626.989:133717): avc:  denied  { execute } for  pid=26950 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489626.989:133717): arch=c000003e syscall=21 success=no exit=-13 a0=944d30 a1=1 a2=7ffc79a19ce0 a3=7ffc79a19c00 items=0 ppid=5236 pid=26950 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.004:133718): avc:  denied  { execute } for  pid=26951 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.004:133718): arch=c000003e syscall=59 success=no exit=-13 a0=257bd30 a1=257b460 a2=257a050 a3=7ffd01bd6220 items=0 ppid=5236 pid=26951 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.004:133719): avc:  denied  { execute } for  pid=26951 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.004:133719): arch=c000003e syscall=21 success=no exit=-13 a0=257bd30 a1=1 a2=7ffd01bd6300 a3=7ffd01bd6220 items=0 ppid=5236 pid=26951 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.022:133720): avc:  denied  { execute } for  pid=26952 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.022:133720): arch=c000003e syscall=59 success=no exit=-13 a0=818d30 a1=818460 a2=817050 a3=7ffe9e5fc750 items=0 ppid=5236 pid=26952 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.022:133721): avc:  denied  { execute } for  pid=26952 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.022:133721): arch=c000003e syscall=21 success=no exit=-13 a0=818d30 a1=1 a2=7ffe9e5fc830 a3=7ffe9e5fc750 items=0 ppid=5236 pid=26952 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.034:133722): avc:  denied  { execute } for  pid=26953 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.034:133722): arch=c000003e syscall=59 success=no exit=-13 a0=18d2d30 a1=18d2460 a2=18d1050 a3=7fff488183b0 items=0 ppid=5236 pid=26953 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.034:133723): avc:  denied  { execute } for  pid=26953 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.034:133723): arch=c000003e syscall=21 success=no exit=-13 a0=18d2d30 a1=1 a2=7fff48818490 a3=7fff488183b0 items=0 ppid=5236 pid=26953 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.049:133724): avc:  denied  { execute } for  pid=26954 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.049:133724): arch=c000003e syscall=59 success=no exit=-13 a0=168dd30 a1=168d460 a2=168c050 a3=7ffeb04bcc50 items=0 ppid=5236 pid=26954 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.050:133725): avc:  denied  { execute } for  pid=26954 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.050:133725): arch=c000003e syscall=21 success=no exit=-13 a0=168dd30 a1=1 a2=7ffeb04bcd30 a3=7ffeb04bcc50 items=0 ppid=5236 pid=26954 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.060:133726): avc:  denied  { execute } for  pid=26955 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.060:133726): arch=c000003e syscall=59 success=no exit=-13 a0=1cfbd30 a1=1cfb460 a2=1cfa050 a3=7ffee600b730 items=0 ppid=5236 pid=26955 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.060:133727): avc:  denied  { execute } for  pid=26955 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.060:133727): arch=c000003e syscall=21 success=no exit=-13 a0=1cfbd30 a1=1 a2=7ffee600b810 a3=7ffee600b730 items=0 ppid=5236 pid=26955 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.074:133728): avc:  denied  { execute } for  pid=26956 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.074:133728): arch=c000003e syscall=59 success=no exit=-13 a0=1b70d30 a1=1b70460 a2=1b6f050 a3=7ffc25864060 items=0 ppid=5236 pid=26956 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.074:133729): avc:  denied  { execute } for  pid=26956 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.074:133729): arch=c000003e syscall=21 success=no exit=-13 a0=1b70d30 a1=1 a2=7ffc25864140 a3=7ffc25864060 items=0 ppid=5236 pid=26956 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.087:133730): avc:  denied  { execute } for  pid=26957 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.087:133730): arch=c000003e syscall=59 success=no exit=-13 a0=948d30 a1=948460 a2=947050 a3=7ffdf3048100 items=0 ppid=5236 pid=26957 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.087:133731): avc:  denied  { execute } for  pid=26957 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.087:133731): arch=c000003e syscall=21 success=no exit=-13 a0=948d30 a1=1 a2=7ffdf30481e0 a3=7ffdf3048100 items=0 ppid=5236 pid=26957 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.100:133732): avc:  denied  { execute } for  pid=26958 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.100:133732): arch=c000003e syscall=59 success=no exit=-13 a0=258cd30 a1=258c460 a2=258b050 a3=7ffdcf464e30 items=0 ppid=5236 pid=26958 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.100:133733): avc:  denied  { execute } for  pid=26958 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.100:133733): arch=c000003e syscall=21 success=no exit=-13 a0=258cd30 a1=1 a2=7ffdcf464f10 a3=7ffdcf464e30 items=0 ppid=5236 pid=26958 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.328:133742): avc:  denied  { execute_no_trans } for  pid=27134 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.328:133742): arch=c000003e syscall=59 success=no exit=-13 a0=1823d00 a1=1823430 a2=1822040 a3=7ffc73222da0 items=0 ppid=5193 pid=27134 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.444:133743): avc:  denied  { execute_no_trans } for  pid=27135 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.444:133743): arch=c000003e syscall=59 success=no exit=-13 a0=1e06d00 a1=1e06430 a2=1e05040 a3=7fff4f103650 items=0 ppid=5193 pid=27135 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.458:133744): avc:  denied  { execute_no_trans } for  pid=27136 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.458:133744): arch=c000003e syscall=59 success=no exit=-13 a0=2256d00 a1=2256430 a2=2255040 a3=7ffd798ae580 items=0 ppid=5193 pid=27136 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.477:133745): avc:  denied  { execute_no_trans } for  pid=27137 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.477:133745): arch=c000003e syscall=59 success=no exit=-13 a0=228fd00 a1=228f430 a2=228e040 a3=7ffe54775020 items=0 ppid=5193 pid=27137 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.493:133746): avc:  denied  { execute_no_trans } for  pid=27138 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.493:133746): arch=c000003e syscall=59 success=no exit=-13 a0=1144d00 a1=1144430 a2=1143040 a3=7ffcd89cbda0 items=0 ppid=5193 pid=27138 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.505:133747): avc:  denied  { execute_no_trans } for  pid=27139 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.505:133747): arch=c000003e syscall=59 success=no exit=-13 a0=25b7d00 a1=25b7430 a2=25b6040 a3=7ffc0ae4d160 items=0 ppid=5193 pid=27139 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.517:133748): avc:  denied  { execute_no_trans } for  pid=27140 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.517:133748): arch=c000003e syscall=59 success=no exit=-13 a0=19b2d00 a1=19b2430 a2=19b1040 a3=7ffc17b1a850 items=0 ppid=5193 pid=27140 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.529:133749): avc:  denied  { execute_no_trans } for  pid=27141 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.529:133749): arch=c000003e syscall=59 success=no exit=-13 a0=126ad00 a1=126a430 a2=1269040 a3=7fffb87c9d90 items=0 ppid=5193 pid=27141 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.545:133750): avc:  denied  { execute_no_trans } for  pid=27142 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.545:133750): arch=c000003e syscall=59 success=no exit=-13 a0=2134d00 a1=2134430 a2=2133040 a3=7ffe6158a000 items=0 ppid=5193 pid=27142 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.560:133751): avc:  denied  { execute_no_trans } for  pid=27143 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.560:133751): arch=c000003e syscall=59 success=no exit=-13 a0=2075d00 a1=2075430 a2=2074040 a3=7ffe3fddb390 items=0 ppid=5193 pid=27143 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.577:133752): avc:  denied  { execute_no_trans } for  pid=27144 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.577:133752): arch=c000003e syscall=59 success=no exit=-13 a0=1625d00 a1=1625430 a2=1624040 a3=7ffc2b40b9c0 items=0 ppid=5193 pid=27144 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.590:133753): avc:  denied  { execute_no_trans } for  pid=27145 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.590:133753): arch=c000003e syscall=59 success=no exit=-13 a0=1ba4d00 a1=1ba4430 a2=1ba3040 a3=7ffd35616a50 items=0 ppid=5193 pid=27145 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.603:133754): avc:  denied  { execute_no_trans } for  pid=27146 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.603:133754): arch=c000003e syscall=59 success=no exit=-13 a0=10aad00 a1=10aa430 a2=10a9040 a3=7ffc50a3d1b0 items=0 ppid=5193 pid=27146 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.615:133755): avc:  denied  { execute_no_trans } for  pid=27147 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.615:133755): arch=c000003e syscall=59 success=no exit=-13 a0=1141d00 a1=1141430 a2=1140040 a3=7fffde6d1010 items=0 ppid=5193 pid=27147 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.631:133756): avc:  denied  { execute_no_trans } for  pid=27148 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.631:133756): arch=c000003e syscall=59 success=no exit=-13 a0=17b5d00 a1=17b5430 a2=17b4040 a3=7ffc2720fdb0 items=0 ppid=5193 pid=27148 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)

Comment 2 Miroslav Grepl 2016-02-12 06:07:36 UTC
Hi Frank,
could you try to label it using

# chcon -t mediawiki_script_exec_t /var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize

and re-test it?

Comment 3 Frank Büttner 2016-02-12 17:51:45 UTC
1. semodule -P -r myfix
2. chcon -t mediawiki_script_exec_t 
3. edit in the wiki.

result:
Syntax highlight doesn't work.

audit:
type=AVC msg=audit(1455299306.250:7632): avc:  denied  { read } for  pid=706 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=SYSCALL msg=audit(1455299306.250:7632): arch=c000003e syscall=2 success=no exit=-13 a0=7f8ae84ee4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=706 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null)
type=AVC msg=audit(1455299306.286:7633): avc:  denied  { read } for  pid=707 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=SYSCALL msg=audit(1455299306.286:7633): arch=c000003e syscall=2 success=no exit=-13 a0=7f037066f4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=707 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null)
type=AVC msg=audit(1455299306.316:7634): avc:  denied  { read } for  pid=708 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=SYSCALL msg=audit(1455299306.316:7634): arch=c000003e syscall=2 success=no exit=-13 a0=7f87a762b4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=708 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null)
type=AVC msg=audit(1455299306.352:7635): avc:  denied  { read } for  pid=709 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=SYSCALL msg=audit(1455299306.352:7635): arch=c000003e syscall=2 success=no exit=-13 a0=7f8220d2a4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=709 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null)
type=AVC msg=audit(1455299306.384:7636): avc:  denied  { read } for  pid=710 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=SYSCALL msg=audit(1455299306.384:7636): arch=c000003e syscall=2 success=no exit=-13 a0=7f0d237de4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=710 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null)
type=AVC msg=audit(1455299306.417:7637): avc:  denied  { read } for  pid=711 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=SYSCALL msg=audit(1455299306.417:7637): arch=c000003e syscall=2 success=no exit=-13 a0=7f878996a4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=711 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null)
type=AVC msg=audit(1455299306.451:7638): avc:  denied  { read } for  pid=712 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=SYSCALL msg=audit(1455299306.451:7638): arch=c000003e syscall=2 success=no exit=-13 a0=7fe13f90d4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=712 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null)
type=AVC msg=audit(1455299306.486:7639): avc:  denied  { read } for  pid=713 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=SYSCALL msg=audit(1455299306.486:7639): arch=c000003e syscall=2 success=no exit=-13 a0=7f4879fae4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=713 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null)
type=AVC msg=audit(1455299306.519:7640): avc:  denied  { read } for  pid=714 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=SYSCALL msg=audit(1455299306.519:7640): arch=c000003e syscall=2 success=no exit=-13 a0=7f1bbe8594a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=714 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null)
type=AVC msg=audit(1455299306.551:7641): avc:  denied  { read } for  pid=715 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=SYSCALL msg=audit(1455299306.551:7641): arch=c000003e syscall=2 success=no exit=-13 a0=7fe289c624a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=715 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null)


return to:
1. restorecon pygmentize
2. semodule -P -i myfix
3. edit in the wiki
result:
Syntax highlight works and no audit messages.
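
Added example (not part of the bug report or of selinux-policy): a small Python parser that collapses repeated AVC records, like those quoted in the description and in comment 3, into the distinct candidate allow rules they imply. The sample log is constructed from the record shapes above, and the `_rw_content_t` review heuristic is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample: same record shapes as the denials quoted in this report,
# with made-up timestamps, serials and pids.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1000000000.001:101): avc:  denied  { execute } for  pid=2001 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1000000000.001:101): arch=c000003e syscall=59 success=no exit=-13 pid=2001 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0
type=AVC msg=audit(1000000000.015:102): avc:  denied  { execute } for  pid=2002 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=AVC msg=audit(1000000300.100:110): avc:  denied  { execute_no_trans } for  pid=2101 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=AVC msg=audit(1000000300.120:111): avc:  denied  { execute_no_trans } for  pid=2102 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=AVC msg=audit(1000900000.250:201): avc:  denied  { read } for  pid=701 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=SYSCALL msg=audit(1000900000.250:201): arch=c000003e syscall=2 success=no exit=-13 pid=701 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0
type=AVC msg=audit(1000900000.286:202): avc:  denied  { read } for  pid=702 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
"""

# "avc: denied { perms } for key=value ..." ; SYSCALL records do not match.
AVC_RE = re.compile(r"^type=AVC\b.*?\bavc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
EXEC_PERMS = {"execute", "execute_no_trans"}


def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def summarize(log_text):
    """Group AVC denials by (source type, target type, object class)."""
    summary = defaultdict(lambda: {"perms": set(), "count": 0, "objects": set()})
    for line in log_text.splitlines():
        match = AVC_RE.match(line.strip())
        if not match:
            continue  # SYSCALL and other record types carry no permission set
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(match.group(2))}
        if not {"scontext", "tcontext", "tclass"} <= fields.keys():
            continue  # malformed or truncated record
        key = (selinux_type(fields["scontext"]),
               selinux_type(fields["tcontext"]),
               fields["tclass"])
        entry = summary[key]
        entry["perms"].update(match.group(1).split())
        entry["count"] += 1
        entry["objects"].add(fields.get("path") or fields.get("name", "?"))
    return dict(summary)


def to_allow_rules(summary):
    """Render one candidate allow rule per group, in policy-language syntax."""
    rules = []
    for (src, tgt, cls), entry in sorted(summary.items()):
        perms = sorted(entry["perms"])
        text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {text};")
    return rules


def needs_review(summary):
    """Heuristic of this example: flag execute permissions on *_rw_content_t,
    a label that by naming convention marks content the web app may write."""
    return sorted(key for key, entry in summary.items()
                  if key[1].endswith("_rw_content_t") and entry["perms"] & EXEC_PERMS)


if __name__ == "__main__":
    groups = summarize(SAMPLE_AUDIT_LOG)
    for rule in to_allow_rules(groups):
        print(rule)
    for key in needs_review(groups):
        print("review before allowing:", key, sorted(groups[key]["objects"]))
```

The first group reproduces the two rules requested in the description; the second is the denial that appears once the file is relabeled as in comment 3.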

Comment 8 errata-xmlrpc 2016-11-04 02:40:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2283.html