"Daniel J Walsh wrote:"

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On 05/02/2012 12:26 AM, David Highley wrote:

...

Getting two avc's that trouble shooter indicates there is policy to allow the operations.

I believe the sebool "mysql_connect_any" may correct the following avc: time->Tue May 1 18:17:25 2012 type=SYSCALL msg=audit(1335921445.082:4514): arch=c000003e syscall=21 success=no exit=-13 a0=7f406ac5d9f0 a1=4 a2=7f406ac5d9fe a3=1c items=0 ppid=1 pid=24416 auid=4294967295 uid=27 gid=27 euid=27 suid=27 fsuid=27 egid=27 sgid=27 fsgid=27 tty=(none) ses=4294967295 comm="mysqld" exe="/usr/libexec/mysqld" subj=system_u:system_r:mysqld_t:s0 key=(null) type=AVC msg=audit(1335921445.082:4514): avc: denied { read } for pid=24416 comm="mysqld" name="unix" dev="proc" ino=4026532000 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file

What policy were you using when you got this.

rpm -q selinux-policy

selinux-policy-3.10.0-84.fc16.noarch

...

But I have no clue which bool would correct the following: time->Tue May 1 19:01:13 2012 type=SYSCALL msg=audit(1335924073.146:4554): arch=c000003e syscall=59 success=yes exit=0 a0=f293b0 a1=f294b0 a2=f283b0 a3=18 items=0 ppid=25927 pid=25928 auid=4294967295 uid=989 gid=983 euid=989 suid=989 fsuid=989 egid=983 sgid=983 fsgid=983 tty=(none) ses=4294967295 comm="ldconfig" exe="/sbin/ldconfig" subj=system_u:system_r:ldconfig_t:s0 key=(null) type=AVC msg=audit(1335924073.146:4554): avc: denied { write } for pid=25928 comm="ldconfig" path=2F746D702F666669536752617269202864656C6574656429 dev="dm-1" ino=1836898 scontext=system_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file

THis is a leaked file descriptor and probably not that important, can be safely ignored.

...

-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk+hJiIACgkQrlYvE4MpobPstQCfchO+jZeC8PlULXfpuMYg1pE/ wQAAoJgIB6fZOITJgvF94SiVJEldENof =/X30 -----END PGP SIGNATURE-----

"Miroslav Grepl wrote:"

On 05/02/2012 12:57 PM, David Highley wrote:

...

"Daniel J Walsh wrote:"

...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On 05/02/2012 12:26 AM, David Highley wrote:

...

Getting two avc's that trouble shooter indicates there is policy to allow the operations.

I believe the sebool "mysql_connect_any" may correct the following avc: time->Tue May 1 18:17:25 2012 type=SYSCALL msg=audit(1335921445.082:4514): arch=c000003e syscall=21 success=no exit=-13 a0=7f406ac5d9f0 a1=4 a2=7f406ac5d9fe a3=1c items=0 ppid=1 pid=24416 auid=4294967295 uid=27 gid=27 euid=27 suid=27 fsuid=27 egid=27 sgid=27 fsgid=27 tty=(none) ses=4294967295 comm="mysqld" exe="/usr/libexec/mysqld" subj=system_u:system_r:mysqld_t:s0 key=(null) type=AVC msg=audit(1335921445.082:4514): avc: denied { read } for pid=24416 comm="mysqld" name="unix" dev="proc" ino=4026532000 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file

What policy were you using when you got this.

rpm -q selinux-policy

selinux-policy-3.10.0-84.fc16.noarch

Open a new bug please. Thank you.

Did some rechecking after setting the sebool for mysql and getting an application update. No longer see the issues here.

...

...

...

But I have no clue which bool would correct the following: time->Tue May 1 19:01:13 2012 type=SYSCALL msg=audit(1335924073.146:4554): arch=c000003e syscall=59 success=yes exit=0 a0=f293b0 a1=f294b0 a2=f283b0 a3=18 items=0 ppid=25927 pid=25928 auid=4294967295 uid=989 gid=983 euid=989 suid=989 fsuid=989 egid=983 sgid=983 fsgid=983 tty=(none) ses=4294967295 comm="ldconfig" exe="/sbin/ldconfig" subj=system_u:system_r:ldconfig_t:s0 key=(null) type=AVC msg=audit(1335924073.146:4554): avc: denied { write } for pid=25928 comm="ldconfig" path=2F746D702F666669536752617269202864656C6574656429 dev="dm-1" ino=1836898 scontext=system_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file

THis is a leaked file descriptor and probably not that important, can be safely ignored.

...

-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk+hJiIACgkQrlYvE4MpobPstQCfchO+jZeC8PlULXfpuMYg1pE/ wQAAoJgIB6fZOITJgvF94SiVJEldENof =/X30 -----END PGP SIGNATURE-----

-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux