Bug 974313
Summary: | nodejs segfaults when used with SELinux enforcing and setsebool httpd_execmem off | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Joe Honton <joe> |
Component: | nodejs | Assignee: | T.C. Hollingsworth <tchollingsworth> |
Status: | CLOSED WORKSFORME | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | rawhide | CC: | jamielinux, mrunge, sgallagh, tchollingsworth, thrcka |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-06-14 01:24:58 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Joe Honton
2013-06-13 23:24:41 UTC
This works for me: % cat /var/www/html/nodetest.php <?php header("Content-Type: text/plain"); system("/usr/bin/node -pe process.version"); % sudo getsebool httpd_execmem httpd_execmem --> off % curl http://localhost/nodetest.php % sudo ausearch -m avc -ts recent ---- time->Thu Jun 13 18:20:27 2013 type=SYSCALL msg=audit(1371172827.650:870): arch=c000003e syscall=9 success=no exit=-13 a0=3d57a8f77000 a1=1000 a2=7 a3=22 items=0 ppid=6700 pid=6886 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 ses=4294967295 tty=(none) comm="node" exe="/usr/bin/node" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1371172827.650:870): avc: denied { execmem } for pid=6886 comm="node" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process ---- time->Thu Jun 13 18:20:27 2013 type=SYSCALL msg=audit(1371172827.650:869): arch=c000003e syscall=9 success=no exit=-13 a0=3dd9286f000 a1=1000 a2=7 a3=32 items=0 ppid=6700 pid=6886 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 ses=4294967295 tty=(none) comm="node" exe="/usr/bin/node" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1371172827.650:869): avc: denied { execmem } for pid=6886 comm="node" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process % sudo setsebool httpd_execmem on % curl http://localhost/nodetest.php v0.10.10 I'm not sure why you're not getting an AVC. You appear to be using a Rawhide nodejs on F17?? That is...unsupported...to say the least. We don't support nodejs on F17 at all due to its OpenSSL not being compatible. Please let us know if you can reproduce on F18 or later. |