From: Daniel J Walsh dwalsh@redhat.com On 10/17/2012 01:22 PM, m.roth@5-cent.us wrote:
Daniel J Walsh wrote:
On 10/17/2012 11:48 AM, m.roth@5-cent.us wrote:
Did you check the label on /var/run/pcscd.pid? What is the actual avc you are seeing?
-rw-r--r--. root root system_u:object_r:pcscd_var_run_t:s0 /var/run/pcscd.pid
And the sealert shows just the catchall.
SELinux is preventing /usr/sbin/httpd from read access on the file /var/run/pcscd.pid.
***** Plugin catchall (100. confidence)
Can you execute
ausearch -m avc
And get the AVC's that way.
I was out yesterday, which is why I didn't get back to you before.
Yup, and get a ton of type=AVC msg=audit(1350608218.778:42990): avc: denied { read write } for pid=27757 comm="iptables" path="socket:[20864]" dev=sockfs ino=20864 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
mark