Summary: SELinux is preventing /usr/sbin/httpd "create" access on zms-433852w.sock. Happens when trying to view a video stream from the zoneminder web UI. Detailed Description: SELinux denied access requested by httpd. It is not expected that this access is required by httpd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context unconfined_u:system_r:httpd_t:s0 Target Context unconfined_u:object_r:tmp_t:s0 Target Objects zms-433852w.sock [ sock_file ] Source httpd Source Path /usr/sbin/httpd Port <Unknown> Host (removed) Source RPM Packages httpd-2.2.15-1.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.19-28.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.33.5-124.fc13.i686 #1 SMP Fri Jun 11 09:48:40 UTC 2010 i686 i686 Alert Count 1 First Seen Fri 02 Jul 2010 11:22:57 PM PDT Last Seen Fri 02 Jul 2010 11:22:57 PM PDT Local ID 879d10df-785f-41cd-b492-cf2067560ecc Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1278138177.705:27443): avc: denied { create } for pid=2920 comm="httpd" name="zms-433852w.sock" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=sock_file node=(removed) type=SYSCALL msg=audit(1278138177.705:27443): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bfcdbad0 a2=131ad1c a3=1fbd900 items=0 ppid=2912 pid=2920 auid=500 uid=48 gid=488 euid=48 suid=48 fsuid=48 egid=488 sgid=488 fsgid=488 tty=(none) ses=1 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null) Hash String generated from catchall,httpd,httpd_t,tmp_t,sock_file,create audit2allow suggests: #============= httpd_t ============== allow httpd_t tmp_t:sock_file create;
*** This bug has been marked as a duplicate of bug 611016 ***