Bug 539519
Summary: | SELinux is preventing /usr/sbin/httpd from using potentially mislabeled files /var/run/pcscd.pub. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | andy york <soylentman> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 12 | CC: | contact, dwalsh, mgrepl |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:e63977691cf891f1646e418626c912992facd1f30318e9a287ff96c6d9960824 | ||
Fixed In Version: | 3.6.32-49.fc12 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-12-01 16:40:44 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
andy york
2009-11-20 13:21:48 UTC
Why is apache looking at /var/run/pcscd.pub? Are you using some kind of public key tool? No idea. Just installed F12 clean after botched upgrade. Was able to restore some html stuff from backup. May be a Wordpress issue of some kind. Saved "/var/run/pcscd.pub" as "/var/run/pcscd.pub.old" and deleted it with no effect noticed. Hope that helps. It is being triggered by WP-Stats Wordpress plugin. I think it is causing httpd to do a listing of all files in /var/run, which is causing the problem. I think if you removed the file all together it would probably fix the avc. You can add these rules for now using # grep avc /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Will be dontaudited. Fixed in selinux-policy-3.6.32-48.fc12.noarch Did that... got same warning plus a new one for /var/run/pcscd.pid Deleted both files /var/run/pcscd.pub and /var/run/pcscd.pid and seems to be fine now. Don't know where those file(s) originated... just installed F12 clean. Thanks for your help and patience. selinux-policy-3.6.32-49.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-49.fc12 selinux-policy-3.6.32-49.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-12131 selinux-policy-3.6.32-49.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. I get this bug on my apache local-only server. I'm using Fedora 16 up-to-date. I don't run any blog on it, just a little localwebsite html/php/mysql generating invoices, quotes, etc... SELinux is 3.10.0 I didn't notice any effect of this bug on my activity. It is probably caused by an authorization tool looking at your smart card services. Since you are most likely not using smartcard for authorization, I don't think this is a problem. Thank you for your answer. |