Additional info: libreport version: 2.0.18 kernel: 3.7.6-102.fc17.x86_64 description: :SELinux is preventing /usr/sbin/httpd from using the 'ipc_owner' capabilities. : :***** Plugin catchall (100. confidence) suggests *************************** : :If cree que httpd debería tener la capacidad de ipc_owner de forma predeterminada. :Then debería reportar esto como un error. :Puede generar un módulo de política local para permitir este acceso. :Do :permita el acceso momentáneamente executando: :# grep httpd /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:httpd_t:s0 :Target Context system_u:system_r:httpd_t:s0 :Target Objects [ capability ] :Source httpd :Source Path /usr/sbin/httpd :Port <Desconocido> :Host (removed) :Source RPM Packages httpd-2.2.23-1.fc17.x86_64 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-167.fc17.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.7.6-102.fc17.x86_64 #1 SMP Mon : Feb 4 17:40:25 UTC 2013 x86_64 x86_64 :Alert Count 1 :First Seen 2013-02-20 09:19:55 CST :Last Seen 2013-02-20 09:19:55 CST :Local ID 992f5f83-1881-4e4d-bed9-ece31d9a2057 : :Raw Audit Messages :type=AVC msg=audit(1361373595.506:83): avc: denied { ipc_owner } for pid=3363 comm="httpd" capability=15 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability : : :type=SYSCALL msg=audit(1361373595.506:83): arch=x86_64 syscall=semop success=no exit=EACCES a0=58009 a1=7fff08847a80 a2=1 a3=7fff088477a0 items=0 ppid=1 pid=3363 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null) : :Hash: httpd,httpd_t,httpd_t,capability,ipc_owner : :audit2allow : :#============= httpd_t ============== :#!!!! This avc is allowed in the current policy : :allow httpd_t self:capability ipc_owner; : :audit2allow -R : :#============= httpd_t ============== :#!!!! This avc is allowed in the current policy : :allow httpd_t self:capability ipc_owner; :
Created attachment 700098 [details] File: type
Created attachment 700099 [details] File: hashmarkername
How did you get this to happen? /* Override IPC ownership checks */ #define CAP_IPC_OWNER 15
This message is a reminder that Fedora 17 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 17. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '17'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 17's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 17 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior to Fedora 17's end of life. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.