I am currently writing a policy file for an application which listens to
a particular port and also communicates with mysqld. During its start-up
(from a script executed in init.d) I am getting the following AVCs:
=================================
type=AVC msg=audit(1283028441.852:19): avc: denied { read } for
pid=1868 comm="voip_sandbox" path="pipe:[11951]" dev=pipefs ino=11951
scontext=unconfined_u:system_r:voip_sandbox_t:s0
tcontext=unconfined_u:system_r:voip_sandbox_t:s0 tclass=fifo_file
type=AVC msg=audit(1283028441.851:18): avc: denied { write } for
pid=1866 comm="voip_sandbox" path="pipe:[11951]" dev=pipefs ino=11951
scontext=unconfined_u:system_r:voip_sandbox_t:s0
tcontext=unconfined_u:system_r:voip_sandbox_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1283028441.852:19): arch=40000003 syscall=3
per=400000 success=no exit=-13 a0=6 a1=9d58864 a2=94 a3=0 items=0
ppid=1866 pid=1868 auid=0 uid=496 gid=496 euid=496 suid=496 fsuid=496
egid=496 sgid=496 fsgid=496 tty=(none) ses=1 comm="voip_sandbox"
exe="/usr/local/bin/voip_sandbox"
subj=unconfined_u:system_r:voip_sandbox_t:s0 key=(null)
type=SYSCALL msg=audit(1283028441.851:18): arch=40000003 syscall=4
per=400000 success=no exit=-13 a0=7 a1=bf894480 a2=94 a3=bf894480
items=0 ppid=1 pid=1866 auid=0 uid=496 gid=496 euid=496 suid=496
fsuid=496 egid=496 sgid=496 fsgid=496 tty=(none) ses=1
comm="voip_sandbox" exe="/usr/local/bin/voip_sandbox"
subj=unconfined_u:system_r:voip_sandbox_t:s0 key=(null)
type=AVC msg=audit(1283028441.863:20): avc: denied { write } for
pid=1866 comm="voip_sandbox" path="pipe:[11951]" dev=pipefs ino=11951
scontext=unconfined_u:system_r:voip_sandbox_t:s0
tcontext=unconfined_u:system_r:voip_sandbox_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1283028441.863:20): arch=40000003 syscall=4
per=400000 success=no exit=-13 a0=7 a1=bf8945c0 a2=94 a3=bf8945c0
items=0 ppid=1 pid=1866 auid=0 uid=496 gid=496 euid=496 suid=496
fsuid=496 egid=496 sgid=496 fsgid=496 tty=(none) ses=1
comm="voip_sandbox" exe="/usr/local/bin/voip_sandbox"
subj=unconfined_u:system_r:voip_sandbox_t:s0 key=(null)
=================================
Both pids 1868 and 1866 are related and spawned by the main application.
I take it there is a pipe which needs to be created and accessible to
both processes. How do I find out what pipe it is (name, location) and
how do I prevent this AVCs from happening? Many thanks!