Bug 590105 - SELinux is preventing /usr/sbin/httpd "setattr" access on zend_cache---internal-metadatas---Zend_LocaleL_es_ES_month_gregorian_format_abbreviated.
SELinux is preventing /usr/sbin/httpd "setattr" access on zend_cache---i...
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
12
i386 Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
setroubleshoot_trace_hash:9e593ccff2f...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-05-07 14:08 EDT by Miguel Angel Perez
Modified: 2010-05-10 13:37 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-05-10 13:37:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Miguel Angel Perez 2010-05-07 14:08:38 EDT
Resúmen:

SELinux is preventing /usr/sbin/httpd "setattr" access on
zend_cache---internal-metadatas---Zend_LocaleL_es_ES_month_gregorian_format_abbreviated.

Descripción Detallada:

SELinux denied access requested by httpd. It is not expected that this access is
required by httpd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Permitiendo Acceso:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Información Adicional:

Contexto Fuente               unconfined_u:system_r:httpd_t:s0
Contexto Destino              unconfined_u:object_r:user_tmp_t:s0
Objetos Destino               zend_cache---internal-metadatas---Zend_LocaleL_es_
                              ES_month_gregorian_format_abbreviated [ file ]
Fuente                        httpd
Dirección de Fuente          /usr/sbin/httpd
Puerto                        <Desconocido>
Nombre de Equipo              (removed)
Paquetes RPM Fuentes          httpd-2.2.14-1.fc12
Paquetes RPM Destinos         
RPM de Políticas             selinux-policy-3.6.32-113.fc12
SELinux Activado              True
Tipo de Política             targeted
Modo Obediente                Enforcing
Nombre de Plugin              catchall
Nombre de Equipo              (removed)
Plataforma                    Linux (removed) 2.6.32.11-99.fc12.i686.PAE
                              #1 SMP Mon Apr 5 16:15:03 EDT 2010 i686 i686
Cantidad de Alertas           5
Visto por Primera Vez         vie 07 may 2010 20:06:05 CEST
Visto por Última Vez         vie 07 may 2010 20:06:05 CEST
ID Local                      6197535e-b075-4176-9b2c-a423521381c9
Números de Línea            

Mensajes de Auditoría Crudos 

node=(removed) type=AVC msg=audit(1273255565.253:103): avc:  denied  { setattr } for  pid=3091 comm="httpd" name="zend_cache---internal-metadatas---Zend_LocaleL_es_ES_month_gregorian_format_abbreviated" dev=sda9 ino=312151 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1273255565.253:103): arch=40000003 syscall=15 success=no exit=-13 a0=b55171c0 a1=180 a2=b713ee4c a3=b5518654 items=0 ppid=3079 pid=3091 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=1 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)



Hash String generated from  catchall,httpd,httpd_t,user_tmp_t,file,setattr
audit2allow suggests:

#============= httpd_t ==============
allow httpd_t user_tmp_t:file setattr;
Comment 1 Daniel Walsh 2010-05-07 16:32:05 EDT
I think you have files that are mislabeled?  zend_caceh*  Where are these located?  If you run restorecon -v zend_cache*  Does the context change?
Comment 2 Miguel Angel Perez 2010-05-07 19:03:51 EDT
(In reply to comment #1)
> I think you have files that are mislabeled?  zend_caceh*  Where are these
> located?  If you run restorecon -v zend_cache*  Does the context change?    

I'm not able to find such file in my filesystem or were it could be. But i've googled a bit andiIt looks like is something related with the ZendFramework (http://framework.zend.com) library I use in a php web site i'm working with.

I think you are right and I have some labeling problem. I have the web site files inside my user account and I have manually set the context httpd_sys_content_t over those files so i can test locally the site with httpd.
Comment 3 Daniel Walsh 2010-05-10 13:37:14 EDT
Ok if it happens again, reopen the bug, or run restorecon on the file, should fix.

Note You need to log in before you can comment on or make changes to this bug.