Summary: SELinux is preventing /usr/sbin/httpd "create" access on assoc_handle_d3d87ea4a004a628a312b0c416a2b399. Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux denied access requested by httpd. It is not expected that this access is required by httpd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context unconfined_u:system_r:httpd_t:s0 Target Context unconfined_u:object_r:httpd_tmp_t:s0 Target Objects assoc_handle_d3d87ea4a004a628a312b0c416a2b399 [ lnk_file ] Source httpd Source Path /usr/sbin/httpd Port <Unknown> Host (removed) Source RPM Packages httpd-2.2.14-1.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.32-92.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.32.9-67.fc12.x86_64 #1 SMP Sat Feb 27 09:26:40 UTC 2010 x86_64 x86_64 Alert Count 1 First Seen Thu 11 Mar 2010 08:48:54 PM EST Last Seen Thu 11 Mar 2010 08:48:54 PM EST Local ID bebd52a5-9b65-43d1-beba-104898a5b48d Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1268358534.639:663): avc: denied { create } for pid=23982 comm="httpd" name="assoc_handle_d3d87ea4a004a628a312b0c416a2b399" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_tmp_t:s0 tclass=lnk_file node=(removed) type=SYSCALL msg=audit(1268358534.639:663): arch=c000003e syscall=88 success=yes exit=0 a0=7fc7981cebf8 a1=7ffff3d96880 a2=0 a3=3962313936356530 items=0 ppid=23939 pid=23982 auid=500 uid=48 gid=479 euid=48 suid=48 fsuid=48 egid=479 sgid=479 fsgid=479 tty=(none) ses=1 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null) Hash String generated from catchall,httpd,httpd_t,httpd_tmp_t,lnk_file,create audit2allow suggests: #============= httpd_t ============== allow httpd_t httpd_tmp_t:lnk_file create;
Fixed in selinux-policy-3.6.32-102.fc12
selinux-policy-3.6.32-103.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-103.fc12
selinux-policy-3.6.32-103.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-103.fc12
selinux-policy-3.6.32-103.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.