Bug 445637 - SELinux is preventing /usr/sbin/prelink (prelink_t) "add_name remove_name" to config.cgi (httpd_nagios_script_exec_t)
SELinux is preventing /usr/sbin/prelink (prelink_t) "add_name remove_name" to...
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy-targeted (Show other bugs)
5.4
All Linux
low Severity medium
: rc
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-05-08 02:06 EDT by Anand Moon
Modified: 2008-07-02 15:41 EDT (History)
0 users

See Also:
Fixed In Version: u2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-07-02 15:41:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Anand Moon 2008-05-08 02:06:19 EDT
SummarySELinux is preventing /usr/sbin/prelink (prelink_t) "add_name
remove_name" to config.cgi (httpd_nagios_script_exec_t).Detailed
DescriptionSELinux denied access requested by /usr/sbin/prelink. It is not
expected that this access is required by /usr/sbin/prelink and this access may
signal an intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional
access.Allowing AccessSometimes labeling problems can cause SELinux denials. You
could try to restore the default system file context for config.cgi, restorecon
-v config.cgi If this does not work, there is currently no automatic way to
allow this access. Instead, you can generate a local policy module to allow this
access - see FAQ Or you can disable SELinux protection altogether. Disabling
SELinux protection is not recommended. Please file a bug report against this
package.Additional InformationSource
Context:  system_u:system_r:prelink_t:SystemLow-SystemHighTarget
Context:  system_u:object_r:httpd_nagios_script_exec_tTarget
Objects:  config.cgi [ dir ]Affected RPM Packages:  prelink-0.3.9-2.1
[application]Policy RPM:  selinux-policy-2.4.6-106.el5_1.3Selinux
Enabled:  TruePolicy Type:  targetedMLS Enabled:  TrueEnforcing
Mode:  EnforcingPlugin Name:  plugins.catchall_fileHost
Name:  thinkpad.r51Platform:  Linux thinkpad.r51 2.6.22.14-72 #1 SMP Thu May 8
02:56:09 IST 2008 i686 i686Alert Count:  8Line Numbers:
Comment 1 Daniel Walsh 2008-07-02 15:41:02 EDT
This is fixed by the u2 policy.

Note You need to log in before you can comment on or make changes to this bug.