Bug 1301186 - Mediawiki 1.26.X require additional rules.
Summary: Mediawiki 1.26.X require additional rules.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy
Version: 7.2
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: rc
Target Release: ---
Assignee: Simon Sekidde
QA Contact: Jan Zarsky
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2016-01-22 19:45 UTC by Frank Büttner
Modified: 2016-11-04 02:40 UTC (History)

Fixed In Version: selinux-policy-3.13.1-80.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-04 02:40:44 UTC
Target Upstream Version:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2283 0 normal SHIPPED_LIVE selinux-policy bug fix and enhancement update 2016-11-03 13:36:25 UTC

Description Frank Büttner 2016-01-22 19:45:52 UTC
Description of problem:
The SyntaxHighlight module included with it now uses Pygments.
This requires two additional SELinux rules.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.13.1-60.el7.noarch

How reproducible:
Every time

Steps to Reproduce:
1. use <syntaxhighlight> in a wiki page

Actual results:
SELinux denial messages.

Expected results:
working SyntaxHighlight module

Additional info:
needed rules:
allow httpd_t mediawiki_rw_content_t:file execute_no_trans;
allow httpd_t mediawiki_rw_content_t:file execute;

log:
grep httpd /var/log/audit/audit.log
type=AVC msg=audit(1453489626.989:133716): avc:  denied  { execute } for  pid=26950 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489626.989:133716): arch=c000003e syscall=59 success=no exit=-13 a0=944d30 a1=944460 a2=943050 a3=7ffc79a19c00 items=0 ppid=5236 pid=26950 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489626.989:133717): avc:  denied  { execute } for  pid=26950 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489626.989:133717): arch=c000003e syscall=21 success=no exit=-13 a0=944d30 a1=1 a2=7ffc79a19ce0 a3=7ffc79a19c00 items=0 ppid=5236 pid=26950 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.004:133718): avc:  denied  { execute } for  pid=26951 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.004:133718): arch=c000003e syscall=59 success=no exit=-13 a0=257bd30 a1=257b460 a2=257a050 a3=7ffd01bd6220 items=0 ppid=5236 pid=26951 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.004:133719): avc:  denied  { execute } for  pid=26951 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.004:133719): arch=c000003e syscall=21 success=no exit=-13 a0=257bd30 a1=1 a2=7ffd01bd6300 a3=7ffd01bd6220 items=0 ppid=5236 pid=26951 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.022:133720): avc:  denied  { execute } for  pid=26952 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.022:133720): arch=c000003e syscall=59 success=no exit=-13 a0=818d30 a1=818460 a2=817050 a3=7ffe9e5fc750 items=0 ppid=5236 pid=26952 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.022:133721): avc:  denied  { execute } for  pid=26952 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.022:133721): arch=c000003e syscall=21 success=no exit=-13 a0=818d30 a1=1 a2=7ffe9e5fc830 a3=7ffe9e5fc750 items=0 ppid=5236 pid=26952 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.034:133722): avc:  denied  { execute } for  pid=26953 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.034:133722): arch=c000003e syscall=59 success=no exit=-13 a0=18d2d30 a1=18d2460 a2=18d1050 a3=7fff488183b0 items=0 ppid=5236 pid=26953 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.034:133723): avc:  denied  { execute } for  pid=26953 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.034:133723): arch=c000003e syscall=21 success=no exit=-13 a0=18d2d30 a1=1 a2=7fff48818490 a3=7fff488183b0 items=0 ppid=5236 pid=26953 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.049:133724): avc:  denied  { execute } for  pid=26954 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.049:133724): arch=c000003e syscall=59 success=no exit=-13 a0=168dd30 a1=168d460 a2=168c050 a3=7ffeb04bcc50 items=0 ppid=5236 pid=26954 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.050:133725): avc:  denied  { execute } for  pid=26954 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.050:133725): arch=c000003e syscall=21 success=no exit=-13 a0=168dd30 a1=1 a2=7ffeb04bcd30 a3=7ffeb04bcc50 items=0 ppid=5236 pid=26954 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.060:133726): avc:  denied  { execute } for  pid=26955 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.060:133726): arch=c000003e syscall=59 success=no exit=-13 a0=1cfbd30 a1=1cfb460 a2=1cfa050 a3=7ffee600b730 items=0 ppid=5236 pid=26955 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.060:133727): avc:  denied  { execute } for  pid=26955 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.060:133727): arch=c000003e syscall=21 success=no exit=-13 a0=1cfbd30 a1=1 a2=7ffee600b810 a3=7ffee600b730 items=0 ppid=5236 pid=26955 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.074:133728): avc:  denied  { execute } for  pid=26956 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.074:133728): arch=c000003e syscall=59 success=no exit=-13 a0=1b70d30 a1=1b70460 a2=1b6f050 a3=7ffc25864060 items=0 ppid=5236 pid=26956 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.074:133729): avc:  denied  { execute } for  pid=26956 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.074:133729): arch=c000003e syscall=21 success=no exit=-13 a0=1b70d30 a1=1 a2=7ffc25864140 a3=7ffc25864060 items=0 ppid=5236 pid=26956 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.087:133730): avc:  denied  { execute } for  pid=26957 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.087:133730): arch=c000003e syscall=59 success=no exit=-13 a0=948d30 a1=948460 a2=947050 a3=7ffdf3048100 items=0 ppid=5236 pid=26957 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.087:133731): avc:  denied  { execute } for  pid=26957 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.087:133731): arch=c000003e syscall=21 success=no exit=-13 a0=948d30 a1=1 a2=7ffdf30481e0 a3=7ffdf3048100 items=0 ppid=5236 pid=26957 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.100:133732): avc:  denied  { execute } for  pid=26958 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.100:133732): arch=c000003e syscall=59 success=no exit=-13 a0=258cd30 a1=258c460 a2=258b050 a3=7ffdcf464e30 items=0 ppid=5236 pid=26958 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489627.100:133733): avc:  denied  { execute } for  pid=26958 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489627.100:133733): arch=c000003e syscall=21 success=no exit=-13 a0=258cd30 a1=1 a2=7ffdcf464f10 a3=7ffdcf464e30 items=0 ppid=5236 pid=26958 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.328:133742): avc:  denied  { execute_no_trans } for  pid=27134 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.328:133742): arch=c000003e syscall=59 success=no exit=-13 a0=1823d00 a1=1823430 a2=1822040 a3=7ffc73222da0 items=0 ppid=5193 pid=27134 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.444:133743): avc:  denied  { execute_no_trans } for  pid=27135 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.444:133743): arch=c000003e syscall=59 success=no exit=-13 a0=1e06d00 a1=1e06430 a2=1e05040 a3=7fff4f103650 items=0 ppid=5193 pid=27135 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.458:133744): avc:  denied  { execute_no_trans } for  pid=27136 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.458:133744): arch=c000003e syscall=59 success=no exit=-13 a0=2256d00 a1=2256430 a2=2255040 a3=7ffd798ae580 items=0 ppid=5193 pid=27136 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.477:133745): avc:  denied  { execute_no_trans } for  pid=27137 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.477:133745): arch=c000003e syscall=59 success=no exit=-13 a0=228fd00 a1=228f430 a2=228e040 a3=7ffe54775020 items=0 ppid=5193 pid=27137 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.493:133746): avc:  denied  { execute_no_trans } for  pid=27138 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.493:133746): arch=c000003e syscall=59 success=no exit=-13 a0=1144d00 a1=1144430 a2=1143040 a3=7ffcd89cbda0 items=0 ppid=5193 pid=27138 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.505:133747): avc:  denied  { execute_no_trans } for  pid=27139 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.505:133747): arch=c000003e syscall=59 success=no exit=-13 a0=25b7d00 a1=25b7430 a2=25b6040 a3=7ffc0ae4d160 items=0 ppid=5193 pid=27139 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.517:133748): avc:  denied  { execute_no_trans } for  pid=27140 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.517:133748): arch=c000003e syscall=59 success=no exit=-13 a0=19b2d00 a1=19b2430 a2=19b1040 a3=7ffc17b1a850 items=0 ppid=5193 pid=27140 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.529:133749): avc:  denied  { execute_no_trans } for  pid=27141 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.529:133749): arch=c000003e syscall=59 success=no exit=-13 a0=126ad00 a1=126a430 a2=1269040 a3=7fffb87c9d90 items=0 ppid=5193 pid=27141 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.545:133750): avc:  denied  { execute_no_trans } for  pid=27142 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.545:133750): arch=c000003e syscall=59 success=no exit=-13 a0=2134d00 a1=2134430 a2=2133040 a3=7ffe6158a000 items=0 ppid=5193 pid=27142 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.560:133751): avc:  denied  { execute_no_trans } for  pid=27143 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.560:133751): arch=c000003e syscall=59 success=no exit=-13 a0=2075d00 a1=2075430 a2=2074040 a3=7ffe3fddb390 items=0 ppid=5193 pid=27143 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.577:133752): avc:  denied  { execute_no_trans } for  pid=27144 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.577:133752): arch=c000003e syscall=59 success=no exit=-13 a0=1625d00 a1=1625430 a2=1624040 a3=7ffc2b40b9c0 items=0 ppid=5193 pid=27144 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.590:133753): avc:  denied  { execute_no_trans } for  pid=27145 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.590:133753): arch=c000003e syscall=59 success=no exit=-13 a0=1ba4d00 a1=1ba4430 a2=1ba3040 a3=7ffd35616a50 items=0 ppid=5193 pid=27145 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.603:133754): avc:  denied  { execute_no_trans } for  pid=27146 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.603:133754): arch=c000003e syscall=59 success=no exit=-13 a0=10aad00 a1=10aa430 a2=10a9040 a3=7ffc50a3d1b0 items=0 ppid=5193 pid=27146 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.615:133755): avc:  denied  { execute_no_trans } for  pid=27147 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.615:133755): arch=c000003e syscall=59 success=no exit=-13 a0=1141d00 a1=1141430 a2=1140040 a3=7fffde6d1010 items=0 ppid=5193 pid=27147 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.631:133756): avc:  denied  { execute_no_trans } for  pid=27148 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489942.631:133756): arch=c000003e syscall=59 success=no exit=-13 a0=17b5d00 a1=17b5430 a2=17b4040 a3=7ffc2720fdb0 items=0 ppid=5193 pid=27148 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)

Comment 2 Miroslav Grepl 2016-02-12 06:07:36 UTC
Hi Frank,
could you try to label it using

# chcon -t mediawiki_script_exec_t /var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize

and re-test it?

Comment 3 Frank Büttner 2016-02-12 17:51:45 UTC
1. semodule -P -r myfix
2. chcon -t mediawiki_script_exec_t 
3. edit in the wiki.

result:
Syntax highlighting doesn't work.

audit:
type=AVC msg=audit(1455299306.250:7632): avc:  denied  { read } for  pid=706 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=SYSCALL msg=audit(1455299306.250:7632): arch=c000003e syscall=2 success=no exit=-13 a0=7f8ae84ee4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=706 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null)
type=AVC msg=audit(1455299306.286:7633): avc:  denied  { read } for  pid=707 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=SYSCALL msg=audit(1455299306.286:7633): arch=c000003e syscall=2 success=no exit=-13 a0=7f037066f4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=707 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null)
type=AVC msg=audit(1455299306.316:7634): avc:  denied  { read } for  pid=708 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=SYSCALL msg=audit(1455299306.316:7634): arch=c000003e syscall=2 success=no exit=-13 a0=7f87a762b4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=708 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null)
type=AVC msg=audit(1455299306.352:7635): avc:  denied  { read } for  pid=709 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=SYSCALL msg=audit(1455299306.352:7635): arch=c000003e syscall=2 success=no exit=-13 a0=7f8220d2a4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=709 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null)
type=AVC msg=audit(1455299306.384:7636): avc:  denied  { read } for  pid=710 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=SYSCALL msg=audit(1455299306.384:7636): arch=c000003e syscall=2 success=no exit=-13 a0=7f0d237de4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=710 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null)
type=AVC msg=audit(1455299306.417:7637): avc:  denied  { read } for  pid=711 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=SYSCALL msg=audit(1455299306.417:7637): arch=c000003e syscall=2 success=no exit=-13 a0=7f878996a4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=711 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null)
type=AVC msg=audit(1455299306.451:7638): avc:  denied  { read } for  pid=712 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=SYSCALL msg=audit(1455299306.451:7638): arch=c000003e syscall=2 success=no exit=-13 a0=7fe13f90d4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=712 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null)
type=AVC msg=audit(1455299306.486:7639): avc:  denied  { read } for  pid=713 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=SYSCALL msg=audit(1455299306.486:7639): arch=c000003e syscall=2 success=no exit=-13 a0=7f4879fae4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=713 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null)
type=AVC msg=audit(1455299306.519:7640): avc:  denied  { read } for  pid=714 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=SYSCALL msg=audit(1455299306.519:7640): arch=c000003e syscall=2 success=no exit=-13 a0=7f1bbe8594a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=714 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null)
type=AVC msg=audit(1455299306.551:7641): avc:  denied  { read } for  pid=715 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=SYSCALL msg=audit(1455299306.551:7641): arch=c000003e syscall=2 success=no exit=-13 a0=7fe289c624a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=715 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null)


return to:
1. restorecon pygmentize
2. semodule -P -i myfix
3.  edit in the wiki
result:
Syntax highlighting works and there are no audit messages.
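
Added example (not part of the bug thread or of selinux-policy): a small Python parser that collapses AVC denials like the ones quoted above into candidate `allow` rules and flags any rule that would let a domain execute files of a type named `*_rw_content_t`. The sample records are shortened from the excerpts in this bug; the `_rw_content_t` suffix check and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample input: records shortened from the audit excerpts quoted in this bug
# (SYSCALL fields trimmed); kept inline so the example runs offline.
SAMPLE_LOG = '''\
type=AVC msg=audit(1453489626.989:133716): avc:  denied  { execute } for  pid=26950 comm="sh" name="pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1453489626.989:133716): arch=c000003e syscall=59 success=no exit=-13 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1453489942.328:133742): avc:  denied  { execute_no_trans } for  pid=27134 comm="sh" path="/var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize" dev="vda2" ino=2364233 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mediawiki_rw_content_t:s0 tclass=file
type=AVC msg=audit(1455299306.250:7632): avc:  denied  { read } for  pid=706 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
'''

AVC_RE = re.compile(
    r'^type=AVC\b.*?avc:\s+denied\s+\{(?P<perms>[^}]*)\}'
    r'.*?\bscontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)
OBJ_RE = re.compile(r'\b(?:path|name)="([^"]*)"')
EXEC_PERMS = {"execute", "execute_no_trans"}


def selinux_type(context):
    """Return the type field of a user:role:type:level context string."""
    return context.split(":")[2]


def parse_denials(text):
    """Extract one dict per AVC denial; non-AVC records (SYSCALL etc.) are skipped."""
    denials = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        obj = OBJ_RE.search(line)
        denials.append({
            "source": selinux_type(m.group("scon")),
            "target": selinux_type(m.group("tcon")),
            "tclass": m.group("tclass"),
            "perms": set(m.group("perms").split()),
            "object": obj.group(1) if obj else None,
        })
    return denials


def group_denials(denials):
    """Merge denials that share (source type, target type, class)."""
    grouped = defaultdict(lambda: {"perms": set(), "objects": set()})
    for d in denials:
        entry = grouped[(d["source"], d["target"], d["tclass"])]
        entry["perms"] |= d["perms"]
        if d["object"]:
            entry["objects"].add(d["object"])
    return dict(grouped)


def to_allow_rules(grouped):
    """Render grouped denials as policy rules, one per (source, target, class)."""
    rules = []
    for (src, tgt, cls), info in sorted(grouped.items()):
        perms = sorted(info["perms"])
        text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {text};")
    return rules


def review_flags(grouped):
    """Flag rules granting execute on a type whose name marks it as read-write content.

    Assumption: a *_rw_content_t suffix means the web server may also write
    files of that type, so the rule would make written files executable.
    """
    flags = []
    for (src, tgt, cls), info in sorted(grouped.items()):
        if cls == "file" and info["perms"] & EXEC_PERMS and tgt.endswith("_rw_content_t"):
            objs = ", ".join(sorted(info["objects"])) or "unknown"
            flags.append(f"{src} would execute {tgt} files (seen: {objs}); "
                         "consider a dedicated executable label for the file instead")
    return flags


if __name__ == "__main__":
    grouped = group_denials(parse_denials(SAMPLE_LOG))
    for rule in to_allow_rules(grouped):
        print(rule)
    for flag in review_flags(grouped):
        print("REVIEW:", flag)
```
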

Comment 8 errata-xmlrpc 2016-11-04 02:40:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2283.html

