Bug 253636
Summary: | SELinux in Permissive mode, using Webmin
---|---
Product: | Red Hat Enterprise Linux 5
Reporter: | LannyM <lanny>
Component: | selinux-policy
Assignee: | Daniel Walsh <dwalsh>
Status: | CLOSED NOTABUG
Severity: | low
Priority: | low
Version: | 5.0
Hardware: | i686
OS: | Linux
Doc Type: | Bug Fix
Last Closed: | 2007-09-04 19:46:07 UTC

Description
LannyM
2007-08-20 22:27:28 UTC
I am not sure what this is reporting? Could you attach the /var/log/audit/audit.log? This looks like samba tried to read /var/webmin/sessiondb.pag?

Created attachment 161982
/var/log/audit/audit.log

Ok, this looks like a leaked file descriptor(s). miniserv.error and sessiondb.pag are being examined for access by many confined domains. So something in the bootup process is opening these files and not closing them before execing the other apps. Are you using something special in the boot process? From googling these, it looks like virtualmin has a problem.

Daniel: I am not aware of *anything* special in the boot process. Using GRUB, in a Custom Install. Lanny

Are you running virtualmin? What package(s) owns miniserv.error and sessiondb.pag? They are leaking a file descriptor.

Daniel: I do not believe virtualmin is installed. I installed Webmin and then Usermin, and I have explored them, 2 or 3 times, but, I have not used them to change anything. It looks like all the messages in the setroubleshoot browser are related to things SELinux does not like, that Webmin is trying to do. SELinux is in Permissive mode. Seems that this is being caused by Webmin, or, SELinux reaction to Webmin. This is typical of messages in the setroubleshoot browser:

Summary
SELinux is preventing /sbin/iptables (iptables_t) "read write" to /var/webmin/sessiondb.pag (var_t).

[root@dell2400 ~]# rpm -qf /var/webmin/miniserv.error
file /var/webmin/miniserv.error is not owned by any package
[root@dell2400 ~]# rpm -qf /var/webmin/sessiondb.pag
file /var/webmin/sessiondb.pag is not owned by any package
[root@dell2400 ~]#

HTH, Lanny

Well then I would surmise that Webmin is opening these files and not closing the descriptors. Then later execing iptables. Basically iptables knows nothing of sessiondb.pag, and adding SELinux rules to handle this is just covering up a bug in webmin.

Daniel: I just moved this to the Webmin Bug Tracker on sourceforge.net. Thank you, very much! Lanny
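The diagnosis in this thread rests on one pattern: the same file turning up in denials from many unrelated confined domains. The following is an added example, not part of the original bug report or its attachment, that applies that heuristic to AVC records in audit.log format. The log lines are constructed, and the function name `leaked_fd_candidates`, the domains other than `iptables_t`, and the three-domain threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed AVC records in audit.log format; they are NOT from the bug's attachment.
# smbd_t, ifconfig_t and httpd_t are illustrative domains chosen for this sample.
SAMPLE_LOG = """\
type=AVC msg=audit(1187648848.101:41): avc:  denied  { read write } for  pid=2301 comm="iptables" path="/var/webmin/sessiondb.pag" dev=dm-0 ino=98311 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1187648848.102:42): avc:  denied  { write } for  pid=2301 comm="iptables" path="/var/webmin/miniserv.error" dev=dm-0 ino=98312 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1187648850.310:47): avc:  denied  { read write } for  pid=2340 comm="smbd" path="/var/webmin/sessiondb.pag" dev=dm-0 ino=98311 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1187648850.311:48): avc:  denied  { write } for  pid=2340 comm="smbd" path="/var/webmin/miniserv.error" dev=dm-0 ino=98312 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1187648852.007:52): avc:  denied  { read write } for  pid=2377 comm="ifconfig" path="/var/webmin/sessiondb.pag" dev=dm-0 ino=98311 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1187648900.500:60): avc:  denied  { getattr } for  pid=2410 comm="httpd" path="/home/user/index.html" dev=dm-0 ino=40021 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
"""

# Pull the object path and the SELinux contexts out of one AVC denial record.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{[^}]*\}.*?(?:path|name)="(?P<obj>[^"]+)"'
    r'.*?scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)


def leaked_fd_candidates(log_text, min_domains=3):
    """Map each denied file to the source domains that touched it, keeping only
    files seen from at least min_domains distinct domains (assumed threshold)."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m["tclass"] != "file":
            continue
        # Context layout is user:role:type[:level]; the type is the domain.
        seen[m["obj"]].add(m["scontext"].split(":")[2])
    return {obj: sorted(doms) for obj, doms in seen.items() if len(doms) >= min_domains}


if __name__ == "__main__":
    for obj, doms in leaked_fd_candidates(SAMPLE_LOG).items():
        print(f"{obj}: inherited by {len(doms)} domains: {', '.join(doms)}")
```

A path flagged this way points back at whichever parent process opened it, so the remedy is for that process to close the descriptor or mark it close-on-exec before it execs other programs, not to add policy rules for every domain that inherits it.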