kernel: audit(xxxxxxxxxxxxx): avc: denied - Help Please

[ryanz]

Hi,

I notice the following messages during startup and in /var/log/messages of a fresh PSA7.5 install on FC3 with RAID5. Does anyone have experience with these?

Jul 23 12:22:32 geforce kernel: audit(1122114147.445:0 : avc: denied { write } for pid=2038 exe=/usr/sbin/named name=named dev=md0 ino=8994918 scontext=user_u:system_r:named_t tcontext=rootbject_r:named_zone_t tclass=dir
Jul 23 12:22:32 geforce kernel: audit(1122114147.445:0 : avc: denied { add_name } for pid=2038 exe=/usr/sbin/named name=named.pid scontext=user_u:system_r:named_t tcontext=rootbject_r:named_zone_t tclass=dir
Jul 23 12:22:32 geforce kernel: audit(1122114147.445:0 : avc: denied { create } for pid=2038 exe=/usr/sbin/named name=named.pid scontext=user_u:system_r:named_t tcontext=user_ubject_r:named_zone_t tclass=file
Jul 23 12:22:32 geforce kernel: audit(1122114147.457:0 : avc: denied { write } for pid=2038 exe=/usr/sbin/named path=/var/run/named/named.pid dev=md0 ino=8994923 scontext=user_u:system_r:named_t tcontext=user_ubject_r:named_zone_t tclass=file
Jul 23 12:22:32 geforce kernel: audit(1122114147.652:0 : avc: denied { append } for pid=2077 exe=/sbin/syslogd name=maillog dev=md0 ino=9768713 scontext=user_u:system_r:syslogd_t tcontext=rootbject_r:usr_t tclass=file
Jul 23 12:22:32 geforce kernel: audit(1122114147.652:0 : avc: denied { ioctl } for pid=2077 exe=/sbin/syslogd path=/usr/local/psa/var/log/maillog dev=md0 ino=9768713 scontext=user_u:system_r:syslogd_t tcontext=rootbject_r:usr_t tclass=file
Jul 23 12:22:32 geforce kernel: audit(1122114152.891:0 : avc: denied { append } for pid=2467 exe=/usr/libexec/mysqld path=/var/log/mysqld.log dev=md0 ino=8914517 scontext=user_u:system_r:mysqld_t tcontext=rootbject_r:var_log_t tclass=file
Jul 23 12:22:33 geforce kernel: audit(1122114153.660:0 : avc: denied { getattr } for pid=2467 exe=/usr/libexec/mysqld path=/var/log/mysqld.log dev=md0 ino=8914517 scontext=user_u:system_r:mysqld_t tcontext=rootbject_r:var_log_t tclass=file

Jul 23 12:22:37 geforce kernel: audit(1122114157.742:0 : avc: denied { getattr } for pid=2579 exe=/bin/ps path=/proc/2467 dev=proc ino=161677314 scontext=user_u:system_r:httpd_sys_script_t tcontext=user_u:system_r:mysqld_t tclass=dir
Jul 23 12:22:37 geforce kernel: audit(1122114157.742:0 : avc: denied { search } for pid=2579 exe=/bin/ps name=2467 dev=proc ino=161677314 scontext=user_u:system_r:httpd_sys_script_t tcontext=user_u:system_r:mysqld_t tclass=dir
Jul 23 12:22:37 geforce kernel: audit(1122114157.742:0 : avc: denied { read } for pid=2579 exe=/bin/ps name=stat dev=proc ino=161677325 scontext=user_u:system_r:httpd_sys_script_t tcontext=user_u:system_r:mysqld_t tclass=file

Just keeps on......

Thanks,

 

[ryanz]

Here are some more of the messages in /var/log/messages


Jul 23 12:22:37 geforce kernel: audit(1122114157.749:0 : avc: denied { getattr } for pid=2579 exe=/bin/ps path=/proc/2553 dev=proc ino=167313410 scontext=user_u:system_r:httpd_sys_script_t tcontext=user_u:system_r:httpd_t tclass=dir
Jul 23 12:22:37 geforce kernel: audit(1122114157.749:0 : avc: denied { search } for pid=2579 exe=/bin/ps name=2553 dev=proc ino=167313410 scontext=user_u:system_r:httpd_sys_script_t tcontext=user_u:system_r:httpd_t tclass=dir
Jul 23 12:22:37 geforce kernel: audit(1122114157.750:0 : avc: denied { read } for pid=2579 exe=/bin/ps name=stat dev=proc ino=167313421 scontext=user_u:system_r:httpd_sys_script_t tcontext=user_u:system_r:httpd_t tclass=file
Jul 23 12:22:37 geforce kernel: audit(1122114157.784:0 : avc: denied { sys_nice } for pid=2581 exe=/bin/ps capability=23 scontext=user_u:system_r:httpd_sys_script_t tcontext=user_u:system_r:httpd_sys_script_t tclass=capability
Jul 23 12:22:37 geforce kernel: audit(1122114157.822:0 : avc: denied { add_name } for pid=2553 exe=/usr/sbin/httpd name=suidkey.2553 scontext=user_u:system_r:httpd_t tcontext=system_ubject_r:usr_t tclass=dir
Jul 23 12:22:37 geforce kernel: audit(1122114157.822:0 : avc: denied { create } for pid=2553 exe=/usr/sbin/httpd name=suidkey.2553 scontext=user_u:system_r:httpd_t tcontext=user_ubject_r:usr_t tclass=file
Jul 23 12:22:37 geforce kernel: audit(1122114157.822:0 : avc: denied { write } for pid=2553 exe=/usr/sbin/httpd path=/usr/local/frontpage/version5.0/apache-fp/suidkey.2553 dev=md0 ino=10029767 scontext=user_u:system_r:httpd_t tcontext=user_ubject_r:usr_t tclass=file
Jul 23 12:22:39 geforce psa: Starting Plesk: succeeded

 

[superbock]

disable SELINUX in /etc/sysconfig/selinux, reboot