+++ This bug was initially created as a clone of Bug #703010 +++ SELinux is preventing /usr/bin/perl from using the 'signal' accesses on a process. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that perl should be allowed signal access on processes labeled psad_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep psad /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:psad_t:s0-s0:c0.c1023 Target Context system_u:system_r:psad_t:s0 Target Objects Unknown [ process ] Source psad Source Path /usr/bin/perl Port <Unknown> Host (removed) Source RPM Packages perl-5.12.3-157.fc15 Target RPM Packages Policy RPM selinux-policy-3.9.16-21.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 2.6.38.5-22.fc15.x86_64 #1 SMP Mon May 2 19:28:55 UTC 2011 x86_64 x86_64 Alert Count 1 First Seen Sun 08 May 2011 08:12:09 PM EDT Last Seen Sun 08 May 2011 08:12:09 PM EDT Local ID e3e00949-c348-4693-b2e9-f20a6d4ea40a Raw Audit Messages type=AVC msg=audit(1304899929.242:307): avc: denied { signal } for pid=9651 comm="psad" scontext=system_u:system_r:psad_t:s0-s0:c0.c1023 tcontext=system_u:system_r:psad_t:s0 tclass=process type=SYSCALL msg=audit(1304899929.242:307): arch=x86_64 syscall=kill success=no exit=EACCES a0=c07 a1=1 a2=1202220 a3=3a86d2b490 items=0 ppid=9491 pid=9651 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=8 comm=psad exe=/usr/bin/perl subj=system_u:system_r:psad_t:s0-s0:c0.c1023 key=(null) Hash: psad,psad_t,psad_t,process,signal audit2allow #============= psad_t ============== allow psad_t self:process signal; audit2allow -R #============= psad_t ============== allow psad_t self:process signal; --- Additional comment from mgrepl on 2011-05-09 10:29:42 EDT --- Fixed in selinux-policy-3.9.16-24.fc15 --- Additional comment from mrmoosetrain on 2011-07-19 19:33:01 EDT --- (In reply to comment #1) > Fixed in selinux-policy-3.9.16-24.fc15 I am using Fc14 and will not upgrade to FC15 just now are there a fix for fc14.
Just add allow psad_t self:process signal_perms;
Fixed in selinux-policy-3.9.7-44.fc14
selinux-policy-3.9.7-44.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-44.fc14
Package selinux-policy-3.9.7-44.fc14: * should fix your issue, * was pushed to the Fedora 14 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.9.7-44.fc14' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-44.fc14 then log in and leave karma (feedback).
selinux-policy-3.9.7-44.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.