Description of problem: SELinux is preventing /usr/sbin/httpd from 'read' accesses on the lnk_file /etc/httpd/logs. ***** Plugin catchall (100. confidence) suggests *************************** If vous pensez que httpd devrait être autorisé à accéder read sur logs lnk_file par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep httpd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:certwatch_t:s0-s0:c0.c1023 Target Context system_u:object_r:httpd_log_t:s0 Target Objects /etc/httpd/logs [ lnk_file ] Source httpd Source Path /usr/sbin/httpd Port <Inconnu> Host (removed) Source RPM Packages httpd-2.4.4-5.fc20.x86_64 Target RPM Packages httpd-2.4.4-5.fc20.x86_64 Policy RPM selinux-policy-3.12.1-41.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.10.0-0.rc0.git21.1.fc20.x86_64 #1 SMP Tue May 7 19:47:51 UTC 2013 x86_64 x86_64 Alert Count 3 First Seen 2013-05-08 12:36:03 CEST Last Seen 2013-05-10 03:10:03 CEST Local ID be1872d4-3ab2-42c2-aa69-f28b4aecaf31 Raw Audit Messages type=AVC msg=audit(1368148203.356:9364): avc: denied { read } for pid=1593 comm="httpd" name="logs" dev="dm-0" ino=524596 scontext=system_u:system_r:certwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_log_t:s0 tclass=lnk_file type=SYSCALL msg=audit(1368148203.356:9364): arch=x86_64 syscall=stat success=yes exit=0 a0=7fd421710210 a1=7fffffcc5010 a2=7fffffcc5010 a3=6 items=0 ppid=1592 pid=1593 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=318 tty=(none) comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:certwatch_t:s0-s0:c0.c1023 key=(null) Hash: httpd,certwatch_t,httpd_log_t,lnk_file,read audit2allow #============= certwatch_t ============== allow certwatch_t httpd_log_t:lnk_file read; audit2allow -R require { type httpd_log_t; type certwatch_t; class lnk_file read; } #============= certwatch_t ============== allow certwatch_t httpd_log_t:lnk_file read; Additional info: hashmarkername: setroubleshoot kernel: 3.10.0-0.rc0.git24.1.fc20.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 961710 ***