Re: [RFC] Obtaining PATH entry without audit userland

Thursday, 10 January 2008

On Thursday 10 January 2008 19:27:18 Yuichi Nakamura wrote:
...
 One example of AVC message in 2.6.24.rc1 is below.
 #Type is broken for testing, do not warry about that :)
 audit(946684824.060:5): avc:  denied  { read } for  pid=796 comm="httpd"
 name="index.html" dev=sda1 ino=61906 scontext=system_u:system_r:httpd_t
 tcontext=system_u:object_r:etc_shadow_t tclass=file audit(946684824.060:5):
 arch=2a syscall=5 per=800000 success=yes exit=5 a0=48d490 a1=0 a2=1b6
 a3=1b6 items=1 ppid=795 pid=796 auid=4294967295 uid=99 gid=99 euid=99
 suid=99 fsuid=99 egid=99 sgid=99 fsgid=99 tty=(none) comm="httpd"
 exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t key=(null)

 File name appears as name="index.html". 
How can we recreate the problem so that we can see what is going on?

Thanks,
-Steve

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [RFC] Obtaining PATH entry without audit userland