Description of problem:
Five alerts related to httpd have been appearing every day. Looks like bug 961710, but that was fixed more than one year ago. I have been getting these alerts since I installed my system.

Also denied in separate alerts:
Read on /usr/bin/suexec
getattr on port None udp_socket
create on apr-tmp.XXXXXX
add_name on apr-tmp.YYYYYYY

SELinux is preventing httpd from 'getattr' accesses on the netlink_route_socket Unknown.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that httpd should be allowed getattr access on the Unknown netlink_route_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:certwatch_t:s0-s0:c0.c1023
Target Context                system_u:system_r:certwatch_t:s0-s0:c0.c1023
Target Objects                Unknown [ netlink_route_socket ]
Source                        httpd
Source Path                   httpd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.13.1-105.3.fc21.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.18.9-200.fc21.x86_64 #1 SMP Mon Mar 9 15:10:50 UTC 2015 x86_64 x86_64
Alert Count                   2
First Seen                    2015-03-18 03:47:01 AEDT
Last Seen                     2015-03-18 03:47:02 AEDT
Local ID                      ed3ddc15-3bcd-46b8-8038-260d1b43ab3b

Raw Audit Messages
type=AVC msg=audit(1426610822.424:3843): avc: denied { getattr } for pid=27556 comm="httpd" scontext=system_u:system_r:certwatch_t:s0-s0:c0.c1023 tcontext=system_u:system_r:certwatch_t:s0-s0:c0.c1023 tclass=netlink_route_socket permissive=0

Hash: httpd,certwatch_t,certwatch_t,netlink_route_socket,getattr

Version-Release number of selected component:
selinux-policy-3.13.1-105.3.fc21.noarch

Additional info:
reporter:       libreport-2.3.0
hashmarkername: setroubleshoot
kernel:         3.18.9-200.fc21.x86_64
type:           libreport

Potential duplicate: bug 961714
*** This bug has been marked as a duplicate of bug 961710 ***