m.roth at 5-cent.us
2012-Sep-13 20:06 UTC
[CentOS] SELinux is preventing /bin/ps from search access
CentOS 6.3. *Just* updated, including most current selinux-policy and
selinux-policy-targeted. I'm getting tons of these, as in it's just
spitting them out when I tail -f /var/log/messages:
Sep 13 15:20:51 <server> setroubleshoot: SELinux is preventing /bin/ps
from search access on the directory @2. For complete SELinux messages. run
sealert -l d92ec78b-3897-4760-93c5-343a662fec67
Sep 13 15:20:51 <server> setroubleshoot: SELinux is preventing /bin/ps
from getattr access on the directory /proc/<pid>. For complete SELinux
messages. run sealert -l a9c9bf7d-d646-4c29-9fe6-ac61b6806f52
Sep 13 15:20:52 <server> setroubleshoot: SELinux is preventing /bin/ps
from search access on the directory 4417. For complete SELinux messages.
run sealert -l b321ab2d-0277-45c9-bc86-545f9ff6ff91
You can see how many of them there are from the timestamps.
Googling, I've seen other folks complain months ago, but no answers.
Anyone have a clue? (And yes, I've posted this to the selinux list, also.
I'm getting deluged in the logs, and would very, very much like to solve
this today.)
If selinux wasn't in permissive mode, something(s) would be dead.
mark
James B. Byrne
2012-Sep-14 17:31 UTC
[CentOS] SELinux is preventing /bin/ps from search access
On Thu, September 13, 2012 16:06, m.roth at 5-cent.us wrote:> CentOS 6.3. *Just* updated, including most current selinux-policy and > selinux-policy-targeted. I'm getting tons of these, as in it's just > spitting them out when I tail -f /var/log/messages: > Sep 13 15:20:51 <server> setroubleshoot: SELinux is preventing /bin/ps > from search access on the directory @2. For complete SELinux messages. > run > sealert -l d92ec78b-3897-4760-93c5-343a662fec67 > Sep 13 15:20:51 <server> setroubleshoot: SELinux is preventing /bin/ps > from getattr access on the directory /proc/<pid>. For complete SELinux > messages. run sealert -l a9c9bf7d-d646-4c29-9fe6-ac61b6806f52 > Sep 13 15:20:52 <server> setroubleshoot: SELinux is preventing /bin/ps > from search access on the directory 4417. For complete SELinux > messages. > run sealert -l b321ab2d-0277-45c9-bc86-545f9ff6ff91 > > You can see how many of them there are from the timestamps. > > Googling, I've seen other folks complain months ago, but no answers. > Anyone have a clue? (And yes, I've posted this to the selinux list, > also. > I'm getting deluged in the logs, and would very, very much like to > solve > this today.) > > If selinux wasn't in permissive mode, something(s) would be dead. > > mark >Are you running httpd with mod_rails (rails passenger) per chance? -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
Reasonably Related Threads
- Link_to image_tag popup
- Register Dataflow Analysis on X86
- Register Dataflow Analysis on X86
- Register Dataflow Analysis on X86
- asterisk 13.16 / pjsip / t.38: res_pjsip_t38.c:207 t38_automatic_reject: Automatically rejecting T.38 request on channel 'PJSIP/91-00000007'