| Summary: | SELinux is preventing /usr/sbin/tmpwatch from 'read' accesses on the directory /var/cache/php-eaccelerator. | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | hellboydvd |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 16 | CC: | dominick.grift, dwalsh, mgrepl |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Unspecified | | |
| Whiteboard: | abrt_hash:56897be474fe271f5ce7c3eff5c96b6161609720e7f171380eaa70c64044abdf | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2012-03-13 08:59:32 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |

Just execute

$ restorecon -R -v /var/cache/php-eaccelerator

Did you create this directory?

(In reply to comment #1)
> Just execute
>
> $ restorecon -R -v /var/cache/php-eaccelerator
>
> Did you create this directory?

No.

Was /var/cache/php-eaccelerator created by some kind of install? Is this something we ship with Fedora?

What does

$ rpm -qf /var/cache/php-eaccelerator

(In reply to comment #4)
> What does
>
> $ rpm -qf /var/cache/php-eaccelerator

php-eaccelerator-0.9.6.1-9.fc16.2.x86_64

Does it include the /var/cache/php-eaccelerator in the payload?

rpm -ql php-eaccelerator-0.9.6.1-9.fc16.2.x86_64 | grep cache

And where did you download this from?

Yes. I don't recall.

libreport version: 2.0.8
executable: /usr/bin/python
hashmarkername: setroubleshoot
kernel: 3.2.9-1.fc16.x86_64
reason: SELinux is preventing /usr/sbin/tmpwatch from 'read' accesses on the directory /var/cache/php-eaccelerator.
time: Tue 13 Mar 2012 11:45:44 AM IST

description:
:SELinux is preventing /usr/sbin/tmpwatch from 'read' accesses on the directory /var/cache/php-eaccelerator.
:
:***** Plugin restorecon (94.8 confidence) suggests *************************
:
:If you want to fix the label.
:/var/cache/php-eaccelerator default label should be httpd_cache_t.
:Then you can run restorecon.
:Do
:# /sbin/restorecon -v /var/cache/php-eaccelerator
:
:***** Plugin catchall_labels (5.21 confidence) suggests ********************
:
:If you want to allow tmpwatch to have read access on the php-eaccelerator directory
:Then you need to change the label on /var/cache/php-eaccelerator
:Do
:# semanage fcontext -a -t FILE_TYPE '/var/cache/php-eaccelerator'
:where FILE_TYPE is one of the following: httpd_cache_t, kismet_log_t, textrel_shlib_t, rpm_var_cache_t, var_lib_t, user_home_type, var_run_t, home_root_t, tmpreaper_t, print_spool_t, amavis_spool_t, sysctl_crypto_t, user_home_dir_t, man_t, device_t, locale_t, etc_t, file_t, proc_t, tmpfile, abrt_t, lib_t, device_t, root_t, usr_t, etc_t, sysfs_t, sandbox_file_t.
:Then execute:
:restorecon -v '/var/cache/php-eaccelerator'
:
:
:***** Plugin catchall (1.44 confidence) suggests ***************************
:
:If you believe that tmpwatch should be allowed read access on the php-eaccelerator directory by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep tmpwatch /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:tmpreaper_t:s0-s0:c0.c1023
:Target Context                unconfined_u:object_r:var_t:s0
:Target Objects                /var/cache/php-eaccelerator [ dir ]
:Source                        tmpwatch
:Source Path                   /usr/sbin/tmpwatch
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           tmpwatch-2.10.3-1.fc16.x86_64
:Target RPM Packages           php-eaccelerator-0.9.6.1-9.fc16.2.x86_64
:Policy RPM                    selinux-policy-3.10.0-75.fc16.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.2.9-1.fc16.x86_64 #1 SMP Thu Mar
:                              1 01:41:10 UTC 2012 x86_64 x86_64
:Alert Count                   1
:First Seen                    Tue 13 Mar 2012 03:28:19 AM IST
:Last Seen                     Tue 13 Mar 2012 03:28:19 AM IST
:Local ID                      15fa757c-b850-4494-946f-4bc06ef2dae5
:
:Raw Audit Messages
:type=AVC msg=audit(1331589499.204:785): avc: denied { read } for pid=6846 comm="tmpwatch" name="php-eaccelerator" dev=sda4 ino=1448308 scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_t:s0 tclass=dir
:
:
:type=SYSCALL msg=audit(1331589499.204:785): arch=x86_64 syscall=openat success=no exit=EACCES a0=ffffffffffffff9c a1=4045eb a2=90800 a3=0 items=0 ppid=6844 pid=6846 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=82 comm=tmpwatch exe=/usr/sbin/tmpwatch subj=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 key=(null)
:
:Hash: tmpwatch,tmpreaper_t,var_t,dir,read
:
:audit2allow
:
:#============= tmpreaper_t ==============
:allow tmpreaper_t var_t:dir read;
:
:audit2allow -R
:
:#============= tmpreaper_t ==============
:allow tmpreaper_t var_t:dir read;
: