Cheat Sheet

Sunday, April 2, 2017

Working CentOS with SeLinux and hugetlbfs

Recently i got this:

type=AVC msg=audit(1490657751.072:24243): avc:  denied  { write } for  pid=26274 comm="httpd" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=8360015 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:hugetlbfs_t:s0 tclass=file

One way to correct it, is like this:
setsebool -P httpd_execmem 1

grep hugetlbfs /var/log/audit/audit.log | audit2allow -M hugetlbfs
semodule -i hugetlbfs.pp

No comments:

Post a Comment