Project

General

Profile

Actions

Bug #7198

closed

Socket read and write on RHEL7

Added by Lukas Zapletal over 10 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Category:
Packaging
Target version:
Difficulty:
easy
Triaged:
Fixed in Releases:
Found in Releases:

Description

time->Wed Aug 20 18:00:12 2014
type=SYSCALL msg=audit(1408572012.231:413): arch=c000003e syscall=59 success=yes exit=0 a0=7f86e7fcf748 a1=7fffcce946f0 a2=7fff
cce97570 a3=8 items=0 ppid=19658 pid=19659 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) s
es=4294967295 comm="PassengerWatchd" exe="/usr/lib64/gems/ruby/passenger-4.0.18/agents/PassengerWatchdog" subj=system_u:system_
r:passenger_t:s0 key=(null)
type=AVC msg=audit(1408572012.231:413): avc:  denied  { noatsecure } for  pid=19659 comm="PassengerWatchd" scontext=system_u:sy
stem_r:httpd_t:s0 tcontext=system_u:system_r:passenger_t:s0 tclass=process
type=AVC msg=audit(1408572012.231:413): avc:  denied  { siginh } for  pid=19659 comm="PassengerWatchd" scontext=system_u:system
_r:httpd_t:s0 tcontext=system_u:system_r:passenger_t:s0 tclass=process
type=AVC msg=audit(1408572012.231:413): avc:  denied  { rlimitinh } for  pid=19659 comm="PassengerWatchd" scontext=system_u:sys
tem_r:httpd_t:s0 tcontext=system_u:system_r:passenger_t:s0 tclass=process
type=AVC msg=audit(1408572012.231:413): avc:  denied  { read write } for  pid=19659 comm="PassengerWatchd" path="socket:[98770]" dev="sockfs" ino=98770 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=unix_stream_socket

allow passenger_t httpd_t:unix_stream_socket { read write };

Related issues 1 (0 open1 closed)

Related to SELinux - Tracker #7249: Policy with workarounds for Foreman w/ KatelloClosedLukas Zapletal08/25/2014

Actions
Actions #1

Updated by Lukas Zapletal over 10 years ago

  • Bugzilla link set to 1132495
Actions #2

Updated by Dominic Cleal over 10 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman-selinux/pull/30 added
  • Pull request deleted ()
Actions #3

Updated by Lukas Zapletal over 10 years ago

Correcting the AVC:

----
time->Wed Aug 20 17:59:40 2014
type=SYSCALL msg=audit(1408571980.864:397): arch=c000003e syscall=0 success=yes exit=1 a0=3 a1=7fff5d302860 a2=1 a3=0 items=0 ppid=19265 pid=19297 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="PassengerWatchd" exe="/usr/lib64/gems/ruby/passenger-4.0.18/agents/PassengerWatchdog" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1408571980.864:397): avc:  denied  { read } for  pid=19297 comm="PassengerWatchd" path="socket:[94029]" dev="sockfs" ino=94029 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=unix_stream_socket
----

Actions #4

Updated by Lukas Zapletal over 10 years ago

  • Related to Tracker #7249: Policy with workarounds for Foreman w/ Katello added
Actions #5

Updated by Dominic Cleal about 10 years ago

  • Translation missing: en.field_release set to 10
Actions #6

Updated by Anonymous about 10 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions

Also available in: Atom PDF