Bug 244008 - SELinux is preventing generate_test.p (httpd_sys_script_t) "create" to <Unknown> (httpd_sys_script_t)
SELinux is preventing generate_test.p (httpd_sys_script_t) "create" to <Unkno...
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy-targeted (Show other bugs)
5.0
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-06-13 06:46 EDT by Ondrej Sevcik
Modified: 2007-11-30 17:07 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-06-13 09:48:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ondrej Sevcik 2007-06-13 06:46:41 EDT
Description of problem:

Perl scipt tries to connect to some URL:
   $ua = LWP::UserAgent->new;
   my $req = HTTP::Request->new(GET => "http://10.34.33.220/test/
$reqfile?id=$i");
   my $res = $ua->request($req);

Result of this operation is here:


Source Context                root:system_r:httpd_sys_script_t
Target Context                root:system_r:httpd_sys_script_t
Target Objects                None [ tcp_socket ]
Affected RPM Packages
Policy RPM                    selinux-policy-2.4.6-74.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall
Host Name                     dhcp-lab-220.englab.brq.redhat.com
Platform                      Linux dhcp-lab-220.englab.brq.redhat.com
                              2.6.18-8.1.4.el5 #1 SMP Fri May 4 22:15:13 EDT
                              2007 i686 i686
Alert Count                   2129
Line Numbers

Raw Audit Messages

avc: denied { create } for comm="generate_test.p" egid=48 euid=48
exe="/usr/bin/perl" exit=-13 fsgid=48 fsuid=48 gid=48 items=0 pid=4067
scontext=root:system_r:httpd_sys_script_t:s0 sgid=48
subj=root:system_r:httpd_sys_script_t:s0 suid=48 tclass=tcp_socket
tcontext=root:system_r:httpd_sys_script_t:s0 tty=(none) uid=48


Version-Release number of selected component (if applicable):
selinux-policy-2.4.6-74.el5
selinux-policy-targeted-2.4.6-74.el5
This is perl, v5.8.8 built for i386-linux-thread-multi
Perl is runing as a module in apache 

How reproducible:
100%

Steps to Reproduce:
1. Run perl script with code described above
  
Actual results:
Audit log fragment is listed below.

Expected results:
No create denied messages in audit log

Additional info:
Jun 12 01:21:23 dhcp-lab-220 setroubleshoot:      SELinux is preventing 
generate_test.p (httpd_sys_script_t) "create" to <Unknown> 
(httpd_sys_script_t).      For complete SELinux messages. run sealert -l 
0cbeb5ed-0304-480a-b12d-ec51fb7d8e0e
Comment 1 Ondrej Sevcik 2007-06-13 09:48:52 EDT
setsebool -P httpd_can_network_connect=1

fix this problem.

Note You need to log in before you can comment on or make changes to this bug.