SELinux log reading


I have this in my /var/log/audit/audit.log:

type=AVC msg=audit(1482914283.060:32738716): avc: denied { open } for pid=26216 comm="top" path="/run/utmp" dev="tmpfs" ino=14431 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file

How can I prevent this? I do not really understand the issue it points me to.

There are 2 answers

0
Michael Vehrs On

Access is being denied to a program attempting to read a file due to the security context of that file. Change the context to get rid of the message.

Just guessing from the content of the entry, I would say this is not the regular top command, but some script used to display user statistics on a web page. Either that, or the source context is seriously broken.

0
mbtkasseria On

Check ps -efZ | grep (26216 in your case) from the command line. If the responsible process is meaningful to you, go over it. Add some SELinux rules to the policy file or use booleans to skip this violation.
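
An added example, not part of either answer: a small Python parser that breaks the AVC record from the question into its fields and restates it as one sentence (which domain was denied which permission on which labelled object). The function names `parse_avc`, `split_context` and `explain` are this example's own, and it assumes the record carries `pid`, `scontext`, `tcontext` and `tclass` as the one in the question does.

```python
import re
from datetime import datetime, timezone

# The record from the question, copied verbatim.
SAMPLE = ('type=AVC msg=audit(1482914283.060:32738716): avc: denied { open } for '
          'pid=26216 comm="top" path="/run/utmp" dev="tmpfs" ino=14431 '
          'scontext=system_u:system_r:httpd_sys_script_t:s0 '
          'tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file')

HEAD = re.compile(r'type=AVC msg=audit\((\d+)\.(\d+):(\d+)\): '
                  r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value optionally quoted

def split_context(ctx):
    """user:role:type:level; the MLS level may contain ':' itself, so split 3 times at most."""
    user, role, type_, *level = ctx.split(':', 3)
    return {'user': user, 'role': role, 'type': type_,
            'level': level[0] if level else None}

def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not an AVC record."""
    m = HEAD.search(line)
    if not m:
        return None
    secs, _ms, serial, result, perms, rest = m.groups()
    fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
    return {
        'time': datetime.fromtimestamp(int(secs), tz=timezone.utc),
        'serial': int(serial),
        'result': result,
        'perms': perms.split(),            # several permissions can share one record
        'pid': int(fields['pid']),
        'comm': fields.get('comm'),
        'path': fields.get('path') or fields.get('name'),
        'source': split_context(fields['scontext']),  # the process (subject)
        'target': split_context(fields['tcontext']),  # the object being accessed
        'tclass': fields['tclass'],
    }

def explain(rec):
    """One-sentence reading of the record: who was denied what on which object."""
    perms = ' '.join(rec['perms'])
    return (f"{rec['time']:%Y-%m-%d %H:%M:%S} UTC: process '{rec['comm']}' "
            f"(pid {rec['pid']}) in domain {rec['source']['type']} was {rec['result']} "
            f"[{perms}] on {rec['tclass']} {rec['path']} labelled {rec['target']['type']}")

if __name__ == '__main__':
    print(explain(parse_avc(SAMPLE)))
```

Run against the question's record, the sentence names `httpd_sys_script_t` as the source domain and `initrc_var_run_t` as the label on `/run/utmp`, which are the two types any policy or labelling change would involve.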