Bug #7198

Socket read and write on RHEL7

Added by Lukas Zapletal over 6 years ago. Updated over 2 years ago.

Status: Closed
Priority: Normal
Category: Packaging
Target version:
Difficulty: easy
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

time->Wed Aug 20 18:00:12 2014
type=SYSCALL msg=audit(1408572012.231:413): arch=c000003e syscall=59 success=yes exit=0 a0=7f86e7fcf748 a1=7fffcce946f0 a2=7fffcce97570 a3=8 items=0 ppid=19658 pid=19659 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="PassengerWatchd" exe="/usr/lib64/gems/ruby/passenger-4.0.18/agents/PassengerWatchdog" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1408572012.231:413): avc:  denied  { noatsecure } for  pid=19659 comm="PassengerWatchd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:passenger_t:s0 tclass=process
type=AVC msg=audit(1408572012.231:413): avc:  denied  { siginh } for  pid=19659 comm="PassengerWatchd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:passenger_t:s0 tclass=process
type=AVC msg=audit(1408572012.231:413): avc:  denied  { rlimitinh } for  pid=19659 comm="PassengerWatchd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:passenger_t:s0 tclass=process
type=AVC msg=audit(1408572012.231:413): avc:  denied  { read write } for  pid=19659 comm="PassengerWatchd" path="socket:[98770]" dev="sockfs" ino=98770 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=unix_stream_socket

allow passenger_t httpd_t:unix_stream_socket { read write };
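
Added example, not part of the original report or of the foreman-selinux policy: a small parser that groups the AVC records quoted in the description by source type, target type and object class, and prints the allow rule each group corresponds to, so it is visible which denials the rule above covers. The names `AVC_LINES`, `AVC_RE`, `type_of` and `allow_rules` are hypothetical; the log lines are the ones from this report.

```python
import re
from collections import defaultdict

# AVC records copied from the description of this report (audit event 413).
AVC_LINES = [
    'type=AVC msg=audit(1408572012.231:413): avc:  denied  { noatsecure } for  pid=19659 comm="PassengerWatchd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:passenger_t:s0 tclass=process',
    'type=AVC msg=audit(1408572012.231:413): avc:  denied  { siginh } for  pid=19659 comm="PassengerWatchd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:passenger_t:s0 tclass=process',
    'type=AVC msg=audit(1408572012.231:413): avc:  denied  { rlimitinh } for  pid=19659 comm="PassengerWatchd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:passenger_t:s0 tclass=process',
    'type=AVC msg=audit(1408572012.231:413): avc:  denied  { read write } for  pid=19659 comm="PassengerWatchd" path="socket:[98770]" dev="sockfs" ino=98770 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=unix_stream_socket',
]

# Permission set, then source context, target context and object class.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)'
)


def type_of(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]


def allow_rules(lines):
    """Merge denials per (source, target, class) and render allow rules."""
    grouped = defaultdict(set)
    for line in lines:
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL and other record types carry no permission set
        key = (type_of(m["s"]), type_of(m["t"]), m["cls"])
        grouped[key].update(m["perms"].split())
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        target = "self" if src == tgt else tgt
        rules.append(f"allow {src} {target}:{cls} {{ {' '.join(sorted(perms))} }};")
    return rules


if __name__ == "__main__":
    for rule in allow_rules(AVC_LINES):
        print(rule)
```

The second rule printed is the one proposed in the description; the first comes from the three `process` denials, where the source type is `httpd_t` rather than `passenger_t`.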

Related issues

Related to SELinux - Tracker #7249: Policy with workarounds for Foreman w/ Katello | Closed | 2014-08-25

Associated revisions

Revision 0a4d60fa (diff)
Added by Lukas Zapletal about 6 years ago

Fixes #7198 - allowed httpd_t to read/write to passenger socket

History

#1 Updated by Lukas Zapletal over 6 years ago

  • Bugzilla link set to 1132495

#2 Updated by Dominic Cleal over 6 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman-selinux/pull/30 added
  • Pull request deleted ()

#3 Updated by Lukas Zapletal over 6 years ago

Correcting the AVC:

----
time->Wed Aug 20 17:59:40 2014
type=SYSCALL msg=audit(1408571980.864:397): arch=c000003e syscall=0 success=yes exit=1 a0=3 a1=7fff5d302860 a2=1 a3=0 items=0 ppid=19265 pid=19297 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="PassengerWatchd" exe="/usr/lib64/gems/ruby/passenger-4.0.18/agents/PassengerWatchdog" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1408571980.864:397): avc:  denied  { read } for  pid=19297 comm="PassengerWatchd" path="socket:[94029]" dev="sockfs" ino=94029 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=unix_stream_socket
----

#4 Updated by Lukas Zapletal over 6 years ago

  • Related to Tracker #7249: Policy with workarounds for Foreman w/ Katello added

#5 Updated by Dominic Cleal about 6 years ago

  • Legacy Backlogs Release (now unused) set to 10

#6 Updated by Anonymous about 6 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
