Bug 445637 - SELinux is preventing /usr/sbin/prelink (prelink_t) "add_name remove_name" to config.cgi (httpd_nagios_script_exec_t)
Summary: SELinux is preventing /usr/sbin/prelink (prelink_t) "add_name remove_name" to...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy-targeted
Version: 5.4
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-05-08 06:06 UTC by Anand Moon
Modified: 2008-07-02 19:41 UTC (History)
0 users

Fixed In Version: u2
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-07-02 19:41:02 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Anand Moon 2008-05-08 06:06:19 UTC
SummarySELinux is preventing /usr/sbin/prelink (prelink_t) "add_name
remove_name" to config.cgi (httpd_nagios_script_exec_t).Detailed
DescriptionSELinux denied access requested by /usr/sbin/prelink. It is not
expected that this access is required by /usr/sbin/prelink and this access may
signal an intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional
access.Allowing AccessSometimes labeling problems can cause SELinux denials. You
could try to restore the default system file context for config.cgi, restorecon
-v config.cgi If this does not work, there is currently no automatic way to
allow this access. Instead, you can generate a local policy module to allow this
access - see FAQ Or you can disable SELinux protection altogether. Disabling
SELinux protection is not recommended. Please file a bug report against this
package.Additional InformationSource
Context:  system_u:system_r:prelink_t:SystemLow-SystemHighTarget
Context:  system_u:object_r:httpd_nagios_script_exec_tTarget
Objects:  config.cgi [ dir ]Affected RPM Packages:  prelink-0.3.9-2.1
[application]Policy RPM:  selinux-policy-2.4.6-106.el5_1.3Selinux
Enabled:  TruePolicy Type:  targetedMLS Enabled:  TrueEnforcing
Mode:  EnforcingPlugin Name:  plugins.catchall_fileHost
Name:  thinkpad.r51Platform:  Linux thinkpad.r51 2.6.22.14-72 #1 SMP Thu May 8
02:56:09 IST 2008 i686 i686Alert Count:  8Line Numbers:

Comment 1 Daniel Walsh 2008-07-02 19:41:02 UTC
This is fixed by the u2 policy.


Note You need to log in before you can comment on or make changes to this bug.