Hide Forgot
type=AVC msg=audit(1474362891.573:639): avc: denied { write } for pid=3594 comm="phantomjs" path="[eventfd]" dev=anon_inodefs ino=3841 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:anon_inodefs_t:s0 tclass=file Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to generate a loadable module to allow this access.
Could you provide a complete list of SELinux denials? # ausearch -m avc -m user_avc -m selinux_err -m user_selinux_err -i -ts today
Created attachment 1202800 [details] output of selinux denials
Based on SELinux denials in the attachment, I can identify several problems on your machine: * there are mislabeled files in /root/.ssh directory # restorecon -Rv /root/.ssh * Apache cannot connect to MySQL database # setsebool -P httpd_can_network_connect_db on * phantomjs would like to set resource limits # setsebool -P httpd_setrlimit on * there is a process called wkhtmltopdf which would like to call mmap() # setsebool -P httpd_execmem on # be careful here!!! and of course following allow rule is missing in the policy: allow httpd_t anon_inodefs_t : file { write }
thank you. i will execute the above and test.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2017-0627.html