Bug 811421
Summary: | SELinux is preventing /usr/sbin/httpd from 'search' accesses on the directory /var/lib/colord. | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Luya Tshimbalanga <luya> | ||||
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 16 | CC: | dominick.grift, dwalsh, mgrepl, promac | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | x86_64 | ||||||
OS: | Unspecified | ||||||
Whiteboard: | abrt_hash:43123b57cf6303047c58c1c638840c803811cd570fb4da4ea5776f4bcf378122 | ||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2012-06-25 08:17:01 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Luya Tshimbalanga
2012-04-11 01:21:34 UTC
Do you have apache files in /var/lib/colord? No according to the result: $ ls /var/lib/colord/ icc mapping.db storage.db icc folder is empty Did it happen again? No, I don't see the problem happening since the last update. It seems the issue is fixed. OK, thank you. Let's close this bug. I am still seeing this bug on F17 64 bits fully updated: /usr/bin/httpd Attempted this access: search On this directory: saslauthd /var/lib/chrony /var/lib/colord /var/lib/mpd /etc/openvpn It has been this way for a long time ... Paulo please attach your current AVCs rpm -q selinux-policy Created attachment 639005 [details]
avc denial
selinux-policy-3.10.0-156.fc17.noarch Did it all happen if you were running BackupPC? In F17, if I restart backuppc, I have to restart httpd, otherwise no backup is shown in backuppc admin page. Therefore, this happens every time I restart httpd. Normally, I have backuppc running all the time, and backing up on an external usb HD. I have to check if I stop backuppc and restar httpd, whether the avc happens or not ... Even with backuppc stopped the denial occurs ... |