View Issue Details

IDProjectCategoryView StatusLast Update
0015680CentOS-7kernelpublic2019-04-30 16:19
Status newResolutionopen 
Product Version7.6.1810 
Target VersionFixed in Version 
Summary0015680: SeLinux Kernel (3.10.0-957.1.3) error
DescriptionI found an issue with the new kernel which block map access to /dev/zero for the pagespeed module. Here are the log :

Audit.log :
type=AVC msg=audit(1547031688.122:94): avc: denied { map } for pid=5257 comm="httpd" path="/dev/zero" dev="devtmpfs" ino=1030 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:zero_device_t:s0 tclass=chr_file permissive=0

http error log :
[Wed Jan 09 10:24:37.481133 2019] [pagespeed:error] [pid 5429] [mod_pagespeed @5429] Failed to mkdir /var/cache/mod_pagespeed/ purge /dBBL9jpbx73YIVsEhxe2.outputlock: No such file or directory

audit2allow :
# src="httpd_t" tgt="zero_device_t" class="chr_file", perms="map"
# comm="httpd" exe="" path="/dev/zero"
allow httpd_t zero_device_t:chr_file map;

I did not have this issue with the older kernel (3.10.0-862.14.4)
Steps To ReproducePurge the pagespeed cache
TagsNo tags attached.




2019-04-30 16:19

reporter   ~0034408

Could it be related to ?

# ausearch -c 'httpd' --raw | audit2allow -M my-httpd
# semodule -X 300 -i my-httpd.pp

The above incantations seems do do the trick.

Issue History

Date Modified Username Field Change
2019-01-09 09:37 agnaeux New Issue
2019-04-30 16:19 leifh Note Added: 0034408