• 1

where did httpd try to write given this AVC?

time->Mon Sep 23 05:22:02 2013
type=SYSCALL msg=audit(1379928122.825:295): arch=c000003e syscall=2 success=no exit=-13 a0=7f95aae20c20 a1=242 a2=1b6 a3=0 items=0 ppid=14896 pid=14897 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1379928122.825:295): avc: denied { write } for pid=14897 comm="httpd" name="jk.shm.14897" dev=dm-0 ino=262746 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_log_t:s0 tclass=file

I see that httpd tries to write jk.shm.14897 but no idea which target directory it is using. Any ideas?

Re: where did httpd try to write given this AVC?

locate jk.shm.15897

Does not show anything?

You can turn on full auditing by executing

auditctl -w /etc/shadow

And then trigger another AVC.

Did you change any default labelling?

Re: where did httpd try to write given this AVC?

btw I've just hit this incomprehensible error:
time->Mon Sep 23 12:26:21 2013
type=USER_AVC msg=audit(1379953581.314:170): user pid=3316 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: received policyload notice (seqno=2) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'

Any idea what could have caused this?

P.S. do you see my previous message? It was marked as spam but I see it here.

Edited at 2013-09-24 04:20 pm (UTC)

  • 1

Log in