2017-03-23 18:18 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0012897CentOS-7selinux-policypublic2017-03-15 18:44
Reportermexuru 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusnewResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0012897: SELinux is preventing /usr/sbin/httpd from using the 'execmem' accesses on a process.
DescriptionDescription of problem:
No lo se.
SELinux is preventing /usr/sbin/httpd from using the 'execmem' accesses on a process.

***** Plugin catchall_boolean (89.3 confidence) suggests ******************

If quiere allow httpd to execmem
Then debe informar a SELinux de ésto activando el booleano 'httpd_execmem'.
Puede leer la página de manual 'None' para más detalles.
Do
setsebool -P httpd_execmem 1

***** Plugin catchall (11.6 confidence) suggests **************************

If cree que de manera predeterminada, httpd debería permitir acceso execmem sobre procesos etiquetados como httpd_t.
Then debería reportar esto como un error.
Puede generar un módulo de política local para permitir este acceso.
Do
allow this access for now by executing:
# ausearch -c 'httpd' --raw | audit2allow -M my-httpd
# semodule -i my-httpd.pp

Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context system_u:system_r:httpd_t:s0
Target Objects Unknown [ process ]
Source httpd
Source Path /usr/sbin/httpd
Port <Unknown>
Host (removed)
Source RPM Packages httpd-2.4.6-45.el7.centos.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-102.el7_3.13.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-514.6.2.el7.x86_64 #1 SMP
                              Thu Feb 23 03:04:39 UTC 2017 x86_64 x86_64
Alert Count 335
First Seen 2017-01-16 17:32:23 CST
Last Seen 2017-02-27 12:21:59 CST
Local ID ce0631c0-17c3-4f46-84d5-29649ae145a3

Raw Audit Messages
type=AVC msg=audit(1488219719.241:3381): avc: denied { execmem } for pid=19494 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process


type=SYSCALL msg=audit(1488219719.241:3381): arch=x86_64 syscall=mmap success=no exit=EACCES a0=0 a1=10000 a2=7 a3=22 items=0 ppid=1020 pid=19494 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)

Hash: httpd,httpd_t,httpd_t,process,execmem

Version-Release number of selected component:
selinux-policy-3.13.1-102.el7_3.13.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-514.6.2.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hash384b688cac7d3c24d943c5cf04ba068e99598360b37bc75f799775cf349d56ce
URL
Attached Files

-Relationships
+Relationships

-Notes

~0028701

minimoo (reporter)

(you'll have to excuse me if this isn't a helpful question as i'm new-ish to centos) - but are you running php 7 with this apache version - there has been some dicussion around Fedora+PHP generating a similar warning. see https://bugzilla.redhat.com/show_bug.cgi?id=1398474 - this may be irrelevant for this case.

~0028870

mexuru (reporter)

Another user experienced a similar problem:

Utilizando el servidor httpd.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-514.10.2.el7.x86_64
package: selinux-policy-3.13.1-102.el7_3.15.noarch
reason: SELinux is preventing /usr/sbin/httpd from using the 'execmem' accesses on a process.
reproducible: Not sure how to reproduce the problem
type: libreport
+Notes

-Issue History
Date Modified Username Field Change
2017-02-27 18:59 mexuru New Issue
2017-02-27 19:27 minimoo Note Added: 0028701
2017-03-15 18:44 mexuru Note Added: 0028870
+Issue History