Summary: SELinux is preventing /bin/bash "getattr" access on /var/www. Detailed Description: SELinux denied access requested by mysqld_safe. It is not expected that this access is required by mysqld_safe and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context unconfined_u:system_r:mysqld_safe_t:s0 Target Context system_u:object_r:httpd_sys_content_t:s0 Target Objects /var/www [ dir ] Source mysqld_safe Source Path /bin/bash Port <Unknown> Host (removed) Source RPM Packages bash-4.0.35-2.fc12 Target RPM Packages httpd-2.2.14-1.fc12 Policy RPM selinux-policy-3.6.32-66.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.31.9-174.fc12.i686.PAE #1 SMP Mon Dec 21 06:04:56 UTC 2009 i686 i686 Alert Count 2 First Seen Tue 19 Jan 2010 11:38:07 PM GMT Last Seen Wed 20 Jan 2010 10:23:33 PM GMT Local ID 14da3191-0bcd-4a18-9e75-2395703f5f36 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1264026213.858:45): avc: denied { getattr } for pid=6506 comm="mysqld_safe" path="/var/www" dev=dm-1 ino=98085 scontext=unconfined_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir node=(removed) type=SYSCALL msg=audit(1264026213.858:45): arch=40000003 syscall=195 success=no exit=-13 a0=8ab2db8 a1=bfc24760 a2=280ff4 a3=0 items=0 ppid=6473 pid=6506 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="mysqld_safe" exe="/bin/bash" subj=unconfined_u:system_r:mysqld_safe_t:s0 key=(null) Hash String generated from selinux-policy-3.6.32-66.fc12,catchall,mysqld_safe,mysqld_safe_t,httpd_sys_content_t,dir,getattr audit2allow suggests: #============= mysqld_safe_t ============== allow mysqld_safe_t httpd_sys_content_t:dir getattr;
Do you have a mounted file system at /var/www? mount | grep www
Were you using webmin to manage your environment?
There is no file system mounted These are the permissions on the folder [hughest@hughestlpt ~]$ ll -Zald /var/www/ drwxr-xr-x. 11 system_u:object_r:httpd_sys_content_t:s0 root root 4096 2010-01-21 00:21 /var/www/ and this this is what I have in there drwxr-xr-x. 11 system_u:object_r:httpd_sys_content_t:s0 root root 4096 2010-01-21 00:21 . drwxr-xr-x. 22 system_u:object_r:var_t:s0 root root 4096 2010-02-04 13:48 .. drwxr-xr-x. 2 unconfined_u:object_r:httpd_sys_content_t:s0 root root 4096 2010-01-19 22:31 build drwxr-xr-x. 2 system_u:object_r:httpd_sys_script_exec_t:s0 root root 4096 2009-12-22 20:29 cgi-bin drwxr-xr-x. 3 system_u:object_r:httpd_sys_content_t:s0 root root 4096 2009-12-18 14:59 error drwxr-xr-x. 2 system_u:object_r:httpd_sys_content_t:s0 root root 4096 2010-01-28 16:50 html drwxr-xr-x. 3 system_u:object_r:httpd_sys_content_t:s0 root root 4096 2009-12-18 14:59 icons drwxrwxr-x. 16 system_u:object_r:httpd_sys_content_t:s0 apache apache 4096 2010-01-21 23:19 joomla drwxr-xr-x. 3 system_u:object_r:httpd_sys_content_t:s0 root root 4096 2009-12-28 20:20 manual -rw-r--r--. 1 unconfined_u:object_r:httpd_sys_content_t:s0 root root 16328184 2009-11-12 18:53 Pinax-0.7.1-bundle.tar.gz drwxr-xr-x. 4 unconfined_u:object_r:httpd_sys_content_t:s0 root root 4096 2010-01-19 22:32 src drwxrwxr-x. 5 system_u:object_r:httpd_sys_content_t:s0 apache apache 4096 2010-01-21 01:38 wordpress
Sorry forgot to add that I am not using webmin either
Looks like this script is searching through the contents of /var/*/ Miroslav, I think it is safest to just add files_dontaudit_getattr_all_dirs(mysqld_safe_t)
Fixed in selinux-policy-3.6.32-91.fc12
selinux-policy-3.6.32-92.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-92.fc12
selinux-policy-3.6.32-92.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2010-2953
selinux-policy-3.6.32-92.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.