Summary:

SELinux is preventing /usr/bin/php-cgi "setattr" access on /tmp.

Detailed Description:

SELinux denied access requested by php-cgi. It is not expected that this access
is required by php-cgi and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                unconfined_u:system_r:httpd_t:s0
Target Context                system_u:object_r:tmp_t:s0
Target Objects                /tmp [ dir ]
Source                        php-cgi
Source Path                   /usr/bin/php-cgi
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           php-cli-5.3.3-1.fc14
Target RPM Packages           filesystem-2.4.35-1.fc14
Policy RPM                    selinux-policy-3.9.7-12.fc14
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.35.6-48.fc14.i686 #1 SMP Fri Oct 22 15:34:36 UTC 2010 i686 i686
Alert Count                   4
First Seen                    Tue 30 Nov 2010 09:50:49 PM EST
Last Seen                     Tue 30 Nov 2010 10:17:14 PM EST
Local ID                      109b72a2-4aa5-4d3e-b13a-60f45752fb2a
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1291173434.146:123): avc: denied { setattr } for pid=3737 comm="php-cgi" name="tmp" dev=dm-0 ino=786 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir

node=(removed) type=SYSCALL msg=audit(1291173434.146:123): arch=40000003 syscall=15 success=no exit=-13 a0=9375a58 a1=1ff a2=8379c88 a3=93e1950 items=0 ppid=3735 pid=3737 auid=500 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=1 comm="php-cgi" exe="/usr/bin/php-cgi" subj=unconfined_u:system_r:httpd_t:s0 key=(null)

Hash String generated from catchall,php-cgi,httpd_t,tmp_t,dir,setattr

audit2allow suggests:

#============= httpd_t ==============
allow httpd_t tmp_t:dir setattr;

Do you have a script changing file mode on the /tmp directory?
I believe it is RUtorrent causing this...how do I allow it?
Capone, did anything actually get blocked? I think you can dontaudit this and everything will work fine. httpd running as uid 500 is not going to be allowed to change the attributes of /tmp because of DAC rules anyways.

# grep tmp_t /var/log/audit/audit.log | audit2allow -D -M myhttp
# semodule -i myhttp.pp

Will get it to stop complaining.
Worked perfectly. It finally stopped complaining... RUTorrent still doesn't work... but that's for another forum! Thanks!
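
Added example, not part of the original thread: a Python sketch that decodes the two raw audit records from the report. It rebuilds the rule for this denial in the allow form audit2allow printed and in the dontaudit form requested with -D, and it shows that the blocked call was chmod with mode 0777. The helper names and the one-entry syscall table are assumptions made for this illustration, and the SYSCALL record is shortened.

```python
import errno
import re

# Records copied from the report above (SYSCALL record shortened).
AVC = ('type=AVC msg=audit(1291173434.146:123): avc: denied { setattr } for '
       'pid=3737 comm="php-cgi" name="tmp" dev=dm-0 ino=786 '
       'scontext=unconfined_u:system_r:httpd_t:s0 '
       'tcontext=system_u:object_r:tmp_t:s0 tclass=dir')
SYSCALL = ('type=SYSCALL msg=audit(1291173434.146:123): arch=40000003 '
           'syscall=15 success=no exit=-13 a0=9375a58 a1=1ff a2=8379c88 '
           'a3=93e1950 items=0 ppid=3735 pid=3737 auid=500 uid=493 gid=489 '
           'comm="php-cgi" exe="/usr/bin/php-cgi"')

# Only the entry needed here: arch 40000003 is 32-bit x86, where 15 is chmod.
I386_SYSCALLS = {15: "chmod"}


def fields(record):
    """Return the key=value pairs of an audit record, quotes stripped."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', record)
    return {key: value.strip('"') for key, value in pairs}


def avc_rule(record, keyword="dontaudit"):
    """Build the type-enforcement rule matching one AVC denial."""
    perms = re.search(r'\{ ([^}]+) \}', record).group(1).split()
    f = fields(record)
    source = f["scontext"].split(":")[2]   # user:role:type:level -> type
    target = f["tcontext"].split(":")[2]
    perm = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"{keyword} {source} {target}:{f['tclass']} {perm};"


def describe_syscall(record):
    """Name the denied system call, its mode argument and the error."""
    f = fields(record)
    if f["arch"] != "40000003":
        raise ValueError("syscall table only covers 32-bit x86")
    name = I386_SYSCALLS[int(f["syscall"])]
    mode = int(f["a1"], 16)                # chmod(path, mode): a1 is the mode
    err = errno.errorcode[-int(f["exit"])]
    return (f"{name}(mode={mode:04o}) by uid {f['uid']} "
            f"(login uid {f['auid']}) failed with {err}")


if __name__ == "__main__":
    print(avc_rule(AVC, "allow"))   # same rule audit2allow suggested
    print(avc_rule(AVC))            # dontaudit form
    print(describe_syscall(SYSCALL))
```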