Description of problem:
SELinux is preventing /usr/sbin/httpd from 'search' accesses on the directory /var/log/lightdm.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that httpd should be allowed search access on the lightdm directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:httpd_t:s0
Target Context                system_u:object_r:xserver_log_t:s0
Target Objects                /var/log/lightdm [ dir ]
Source                        httpd
Source Path                   /usr/sbin/httpd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           httpd-2.4.3-15.fc18.i686
Target RPM Packages           lightdm-1.4.0-5.fc18.i686
Policy RPM                    selinux-policy-3.11.1-76.fc18.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.7.8-202.fc18.i686.PAE #1 SMP Fri Feb 15 17:47:05 UTC 2013 i686 i686
Alert Count                   4
First Seen                    2013-02-17 06:53:58 CET
Last Seen                     2013-02-17 08:12:02 CET
Local ID                      685ca15a-882d-4827-99dc-f1eeccb85735

Raw Audit Messages
type=AVC msg=audit(1361085122.0:392): avc: denied { search } for pid=2765 comm="httpd" name="lightdm" dev="dm-1" ino=1319699 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:xserver_log_t:s0 tclass=dir

type=SYSCALL msg=audit(1361085122.0:392): arch=i386 syscall=stat64 success=no exit=EACCES a0=b8be2c58 a1=bffad890 a2=b73bf000 a3=bffad890 items=0 ppid=747 pid=2765 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 ses=4294967295 tty=(none) comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)

Hash: httpd,httpd_t,xserver_log_t,dir,search

audit2allow

#============= httpd_t ==============
allow httpd_t xserver_log_t:dir search;

audit2allow -R

#============= httpd_t ==============
allow httpd_t xserver_log_t:dir search;

Additional info:
hashmarkername: setroubleshoot
kernel:         3.7.8-202.fc18.i686.PAE
type:           libreport
Do you want apache to share your /var/log/lightdm directory? Or is /var/log/lightdm a mount point?
just surfing the web

Package: (null)
OS Release: Fedora release 18 (Spherical Cow)
this is an updated F18 from F17, answers to comment #1 are no
/var/log/lightdm is a (empty) directory
Has this happened again or was this a one time thing? I have a feeling you can safely ignore this avc.
no, it didn't happen again.
Ok, let's just close and reopen if it happens again.
it happened again
df | grep lightdm
grep -r lightdm /etc/httpd
[antonio@Acer5720 ~]$ su
Password:
[root@Acer5720 antonio]# df | grep lightdm
[root@Acer5720 antonio]# grep -r lightdm /etc/httpd
[root@Acer5720 antonio]#

lightdm is missing, isn't it??
No idea why apache would search through this directory. Maybe Joe would have an idea?
Vague possibilities:
1) some errant php script
2) the GNOME desktop web sharing thing?

Is httpd being used on this system, if so how?
1) no idea about any script
2) what is the GNOME desktop web sharing thing? Gnome-user-share had been installed but it is not working properly, see bug #901745
*** Bug 1010623 has been marked as a duplicate of this bug. ***
Description of problem:
at start-up immediately after login

Additional info:
reporter:       libreport-2.1.7
hashmarkername: setroubleshoot
kernel:         3.11.2-201.fc19.i686.PAE
type:           libreport
Have been receiving similar notifications:

SELinux is preventing /usr/sbin/httpd from 'search' accesses on the directory...
/etc/openvpn
/etc/unbound
/home/<username>
/var/lib/chrony
/var/lib/clamav
/var/lib/colord
/var/lib/lightdm
/var/lib/ntop

Remembered installing gnome-user-share some time ago, so tried removing it. While running "yum remove gnome-user-share", noted that mod_dnssd was also removed. Following "systemctl restart httpd.service", there were no messages reported.

Tested by re-installing gnome-user-share and restarting the Apache daemon again, and immediately the SELinux messages are shown.

For reference, these are the package versions:
gnome-user-share.x86_64           3.10.1-1.fc20
httpd.x86_64                      2.4.6-6.fc20
mod_dnssd.x86_64                  0.6-9.fc20
selinux-policy.noarch             3.12.1-122.fc20
selinux-policy-targeted.noarch    3.12.1-122.fc20
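
Added example, not part of the bug thread or of any Fedora tool: a small Python triage script that parses AVC records like the one in the report and groups denials by source domain, so the pattern from the last comment (one domain, httpd_t, denied 'search' on many unrelated directories) is visible before anyone loads an audit2allow module. The first sample line is the record from this report; the other lines, including their target type names and the function names, are constructed for illustration.

```python
import re
from collections import defaultdict

# First line is the AVC record from the report above; the rest are constructed
# samples modelled on the directories listed in the last comment.
SAMPLE_LOG = '''\
type=AVC msg=audit(1361085122.0:392): avc: denied { search } for pid=2765 comm="httpd" name="lightdm" dev="dm-1" ino=1319699 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:xserver_log_t:s0 tclass=dir
type=AVC msg=audit(1361085123.0:393): avc: denied { search } for pid=2765 comm="httpd" name="openvpn" dev="dm-1" ino=100 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:openvpn_etc_t:s0 tclass=dir
type=AVC msg=audit(1361085124.0:394): avc: denied { search } for pid=2765 comm="httpd" name="chrony" dev="dm-1" ino=101 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:chronyd_var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1361085122.0:392): arch=i386 syscall=stat64 success=no exit=EACCES comm=httpd exe=/usr/sbin/httpd
type=AVC msg=audit(1361085125.0:395): avc: denied { read write } for pid=900 comm="sshd" name="x" dev="dm-1" ino=102 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_tmp_t:s0 tclass=file
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')
NAME_RE = re.compile(r'\bname="([^"]*)"')

def se_type(context):
    """Return the type field (third) of user:role:type:level[:categories]."""
    return context.split(':')[2]

def parse_avc(line):
    """Parse one audit line; return None for anything that is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    name = NAME_RE.search(line)
    return {'perms': tuple(m['perms'].split()),
            'source': se_type(m['scon']), 'target': se_type(m['tcon']),
            'tclass': m['tclass'], 'name': name.group(1) if name else None}

def summarize(log_text):
    """Map (source type, tclass, perms) -> {target type: set of object names}."""
    groups = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            groups[rec['source'], rec['tclass'], rec['perms']][rec['target']].add(rec['name'])
    return groups

def broad_searchers(log_text, threshold=3):
    """Source domains denied 'search' on dirs of >= threshold distinct types."""
    return sorted(src for (src, tclass, perms), targets in summarize(log_text).items()
                  if tclass == 'dir' and perms == ('search',) and len(targets) >= threshold)
```

A domain returned by `broad_searchers` is walking directories it has no reason to touch, which points at a loaded module or script (here, the mod_dnssd pulled in by gnome-user-share) rather than at a missing allow rule.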