Description of problem: Try to connect to smokeping site. And error is displayed in the browser. Switching to Permissive mode makes the smokeping site work. SELinux is preventing /usr/bin/perl from 'getattr' accesses on the sock_file /dev/log. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that perl should be allowed getattr access on the log sock_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep smokeping.fcgi /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:httpd_smokeping_cgi_script_t:s0 Target Context system_u:object_r:devlog_t:s0 Target Objects /dev/log [ sock_file ] Source smokeping.fcgi Source Path /usr/bin/perl Port <Unknown> Host (removed) Source RPM Packages perl-5.16.3-266.fc19.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-74.26.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.14.8-100.fc19.x86_64 #1 SMP Mon Jun 16 21:53:59 UTC 2014 x86_64 x86_64 Alert Count 5 First Seen 2014-06-02 11:32:41 CDT Last Seen 2014-07-21 12:18:01 CDT Local ID f0aaf237-8003-4a55-9ef6-c71db0d639a3 Raw Audit Messages type=AVC msg=audit(1405963081.78:5871): avc: denied { getattr } for pid=17888 comm="smokeping.fcgi" path="/dev/log" dev="devtmpfs" ino=8105 scontext=system_u:system_r:httpd_smokeping_cgi_script_t:s0 tcontext=system_u:object_r:devlog_t:s0 tclass=sock_file type=SYSCALL msg=audit(1405963081.78:5871): arch=x86_64 syscall=stat success=yes exit=0 a0=12b8600 a1=1247138 a2=1247138 a3=0 items=0 ppid=13666 pid=17888 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=smokeping.fcgi exe=/usr/bin/perl subj=system_u:system_r:httpd_smokeping_cgi_script_t:s0 key=(null) Hash: smokeping.fcgi,httpd_smokeping_cgi_script_t,devlog_t,sock_file,getattr Additional info: reporter: libreport-2.2.2 hashmarkername: setroubleshoot kernel: 3.14.8-100.fc19.x86_64 type: libreport
a893a4ec9659c6ba4c4b832778d3bf45eaf6c020 fixes this in git.
commit e2a83f9868f213fe1ba9916b9833124e44bb19d2 Author: Lukas Vrabec <lvrabec> Date: Tue Aug 12 10:28:56 2014 +0200 Allow smokeping cgi script to send syslog messages (#1122163) https://github.com/selinux-policy/selinux-policy/commit/e2a83f9868f213fe1ba9916b9833124e44bb19d2
selinux-policy-3.12.1-74.29.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-74.29.fc19
Package selinux-policy-3.12.1-74.29.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-74.29.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-9432/selinux-policy-3.12.1-74.29.fc19 then log in and leave karma (feedback).
selinux-policy-3.12.1-74.30.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-74.30.fc19
selinux-policy-3.12.1-74.30.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.