-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 10/21/2013 04:55 PM, m.roth@5-cent.us wrote:
Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 10/21/2013 04:50 PM, m.roth@5-cent.us wrote:
Daniel J Walsh wrote:
On 10/21/2013 04:28 PM, Daniel J Walsh wrote:
On 10/21/2013 04:24 PM, m.roth@5-cent.us wrote:
The sealert tells me that a file named index.cgi is running avc on sysfs_t. Is there any tool that would get me the *full* path of index.cgi, as there are several of them, for several websites (including bugzilla)?
CentOS 6.4.
You can turn on full auditing which should generate the path.
<snip> >> Or you can turn it on temporarily (Until next reboot) >> >> auditctl -w /etc/shadow > > Here is a blog I wrote on this a few years back. > > http://danwalsh.livejournal.com/34903.html?thread=220247
No joy, anywhere. I found some AVC's and looked at the inode... /dev/char/203.11. And the sealert tells me only (for example) SELinux is preventing /usr/bin/perl from read access on the file /sys/devices/system/node/node0/meminfo.
Obviously, index.cgi is in perl....
Well it would only happen after the next AVC.
Of course. I did the auditctl -w route, and a couple minutes later got new avc's, with the same result.
mark
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
No path record?