Reputation: 1
SELinux log reading
I have this in my /var/log/audit/audit.log: type=AVC msg=audit(1482914283.060:32738716): avc: denied { open } for pid=26216 comm="top" path="/run/utmp" dev="tmpfs" ino=14431 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
How can I prevent this ? I do not really understand the issue it points me to.
Upvotes: 0
Views: 1063
Answers (2)
Reputation: 21
Check the ps -efZ | grep (26216 for your case) from command line. If the responsible process is meaningful for you, go over it. Add some selinux rules to policy file or use booleans to skip this violation.
Upvotes: 0
Reputation: 3363
Access is being denied to a program attempting to read a file due to the security context of that file. Change the context to get rid of the message.
Just guessing from the content of the entry, I would say this is not the regular top command, but some script used to display user statistics on a web page. Either that, or the source context is seriously broken.
Upvotes: 0
Related Questions
- SElinux Android message interpretation
- Read SELinux in Android device
- SEBool Persistent Values
- Grep redirection is pulling more information that I want in log.txt
- Check SeLinux Status
- syslog-ng read file permission denied
- what is c512,c768 of selinux process
- SElinux integrety check
- Nginx can't create log files
- Android SELinux errors in logcat