LinuxQuestions.org
Old 08-02-2006, 11:56 AM   #1
stonegu
LQ Newbie
 
Registered: Aug 2006
Posts: 2

Rep: Reputation: 0
Why audit:avc:denied for jk-runtime-status?


Hi everybody,

First of all I want to thank you for all the info you share with us. As a newbie in Linux society, I found here is the best place to go.

Ok, here is my system

Linux: Redhat Enterprise AS 4 Update 3
Apache: 2.0.52
Tomcat: 5.5.17
JK: tomcat-connectors-1.2.18-src
Here is my problem:
Today, I checked /var/log/messages and found this error:
Aug 2 10:26:33 localhost kernel: audit(1154528793.959:2): avc: denied { write } for pid=1954 comm="httpd" name="jk-runtime-status" dev=dm-0 ino=1293754 scontext=user_u:system_r:httpd_t tcontext=user_u:object_r:httpd_log_t tclass=file
I use ls -Z to check jk-runtime-status and found:
[root@linux1 conf]# ls -Z /var/log/httpd/
-rw-r--r-- root root user_u:object_r:httpd_log_t jk-runtime-status
-rw-r--r-- root root user_u:object_r:httpd_log_t jk-runtime-status.lock
-rw-r--r-- root root user_u:object_r:httpd_log_t mod_jk.log
Also found same results in /etc/httpd/logs/
[root@linux1 conf]# ls -Z /etc/httpd/logs/
-rw-r--r-- root root user_u:object_r:httpd_log_t jk-runtime-status
-rw-r--r-- root root user_u:object_r:httpd_log_t jk-runtime-status.lock
-rw-r--r-- root root user_u:object_r:httpd_log_t mod_jk.log
Any suggestion?
 
Old 08-10-2006, 09:19 PM   #2
stonegu
LQ Newbie
 
Registered: Aug 2006
Posts: 2

Original Poster
Rep: Reputation: 0
Any suggestion, please...
 
Old 04-13-2007, 03:21 PM   #3
gatsby
Member
 
Registered: Jan 2006
Posts: 59

Rep: Reputation: 16
Sounds like an issue with SELinux, alright. I ran into the same problem while integrating Tomcat and the Apache web server. I used the audit2allow command. (This was on RHEL5).

I first copied the raw audit entry into a temporary file named "avc.tmp". In your case, you would copy the following into that file:

Quote:
avc: denied { write } for pid=1954 comm="httpd" name="jk-runtime-status" dev=dm-0 ino=1293754 scontext=user_u:system_r:httpd_t tcontext=user_u:object_r:httpd_log_t tclass=file
Then, I used audit2allow to read that entry in, where it automatically created the SELinux policy I needed for jk-runtime-status.

Steps/Commands:

1) audit2allow -M local < avc.tmp
2) Your policy created! --> Policy is written to a local file named "local.pp"
3) semodule -i local.pp

You may need to temporarily set SELinux to permissive so that you can apply the policy contained in "local.pp". That should clear the problem you face with SELinux. It's much easier to do this than to go hunting around for incorrect file labels.

Last edited by gatsby; 04-13-2007 at 03:23 PM.
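
What the audit2allow step in the reply above derives from a denial, shown as an added example that is not part of any post and is not audit2allow's own code: the sketch parses AVC lines and returns the allow rule each one maps to, so the rule can be read before local.pp is loaded with semodule -i. The first sample line is the denial from the thread; the other two lines and the names parse_avc and allow_rules are constructed for illustration.

```python
import re
from collections import defaultdict

# Line 1 is the denial from the thread. Lines 2 and 3 are constructed:
# a four-field context (with a level such as s0) and an unrelated log line.
SAMPLE_LOG = [
    'Aug 2 10:26:33 localhost kernel: audit(1154528793.959:2): avc: denied '
    '{ write } for pid=1954 comm="httpd" name="jk-runtime-status" dev=dm-0 '
    'ino=1293754 scontext=user_u:system_r:httpd_t '
    'tcontext=user_u:object_r:httpd_log_t tclass=file',
    'avc: denied { append } for pid=2001 comm="httpd" name="mod_jk.log" '
    'scontext=user_u:system_r:httpd_t:s0 '
    'tcontext=user_u:object_r:httpd_log_t:s0 tclass=file',
    'Aug 2 10:27:01 localhost crond[2100]: unrelated line',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')

def parse_avc(line):
    """Return (source_type, target_type, tclass, perms) or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    perms = m.group(1).split()
    # key=value pairs after "for"; values may be double-quoted
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2)))
    try:
        # A context is user:role:type[:level]; the type is the third field.
        source = fields['scontext'].split(':')[2]
        target = fields['tcontext'].split(':')[2]
        tclass = fields['tclass']
    except (KeyError, IndexError):
        return None  # truncated or damaged context: do not guess a type
    if not (perms and source and target):
        return None
    return source, target, tclass, perms

def allow_rules(lines):
    """Merge denials per (source, target, class) into sorted allow rules."""
    merged = defaultdict(set)
    for line in lines:
        parsed = parse_avc(line)
        if parsed:
            merged[parsed[:3]].update(parsed[3])
    return ['allow %s %s:%s { %s };' % (s, t, c, ' '.join(sorted(p)))
            for (s, t, c), p in sorted(merged.items())]

if __name__ == '__main__':
    print('\n'.join(allow_rules(SAMPLE_LOG)))
```

The rule is keyed on types, not file names, so it covers every file labelled httpd_log_t and not just jk-runtime-status.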
 
  

