SELinux is preventing httpd from using files /boot

SELinux is preventing httpd from using files /boot

by roger griffiths -
Number of replies: 3

I am running moodle 2.1.1 on a fully updated RHEL 6 box (php 5.3.3/mysql 5.1.52). For a month now I have been seeing selinux alerts in my logs/messages file to the effect:

SELinux is preventing /usr/sbin/httpd from using potentially mislabeled files /boot

I have observed that these alerts occur simultaneously with page hits on any moodle pages (from the httpd access_logs.)

I have only seen one other admin indicate that their moodle install was attempting to access the /boot partition on their server, so this is probably not a common problem (although one has to look in their logs to observer the problem, AND have SELinux set to enforcing).

 

To be clear the moodle install is operational. We have upgraded this moodle instance since ~release 1.4 and have had SELinux set to enforcing since about release 1.6. The sole issue is the fact that this moodle install is attempting to access files in our /boot partition. And that this is a new alert (the first occurrence was on June 21st 2011). I have even run grep '/boot' on every file in the moodle directory (and moodledata) and found no matches (for '/boot').

 

Any thoughts?

Average of ratings: -
In reply to roger griffiths

Re: SELinux is preventing httpd from using files /boot

by Michael Wheeler -

I'm running Moodle 2.2.3+ and I'm seeing the same thing on a RHEL 5 box. Have you learning anything new about the issue? According to my messages log this started on June 19th 2012 which is when I upgraded from 1.9.16 -> 1.9.18+ -> 2.2.3+

Average of ratings: -
In reply to Michael Wheeler

Re: SELinux is preventing httpd from using files /boot

by Ken Task -
Picture of Particularly helpful Moodlers

Do full backups of the web root and data directories + SQL dump of your DB, then ....

Sounds like both of you (RHEL 5 or 6) need to run as root user:

yum update [ENTER]

Assume your entitlements for updates are 'up to date'.  Might want to check that before issuing the yum command above.

Check the update list provided by yum before pressing 'y'.  Note updates to httpd, mysql, or php - just in case.

Might do a search on httpd logs for same date/time to see if there are request coming to server for such.

Got anything else running on them? WordPress, Joomla, etc.?

'spirit of sharing', Ken

Average of ratings: -
In reply to Ken Task

Re: SELinux is preventing httpd from using files /boot

by Ken Task -
Picture of Particularly helpful Moodlers

Hmmmm - adding to response :| sorry bout that.

In the log, it normally says something like (EXAMPLE):

blah … run sealert -l
then some long lowercase number/letter, etc. reference.

Might want to run the sealert command to see what it says - but not allow, of course.

By chance do either/both of you have phpmyadmin which hasn't been upgraded?

Got any 3rd party add-ons?

Run/administer several CentOS 5.x boxen which is a child to RHEL 5 and haven't seen any such on any of those.  Also run/administer a few RHEL 6's ... ditto.

'spirit of sharing', Ken

Average of ratings: -