From mboxrd@z Thu Jan  1 00:00:00 1970
From: Bill Tangren <bjt@usno.navy.mil>
Subject: "denied" error message
Date: Wed, 25 Jul 2007 15:04:21 -0400
Message-ID: <46A79EB5.7050206@usno.navy.mil>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx2.redhat.com (mx2.redhat.com [10.255.15.25])
	by int-mx2.corp.redhat.com (8.13.1/8.13.1) with ESMTP id l6PJ4Sx2029471
	for <linux-audit@redhat.com>; Wed, 25 Jul 2007 15:04:29 -0400
Received: from aa.usno.navy.mil (beatrix.usno.navy.mil [198.116.61.254])
	by mx2.redhat.com (8.13.1/8.13.1) with ESMTP id l6PJ4QNv020784
	for <linux-audit@redhat.com>; Wed, 25 Jul 2007 15:04:27 -0400
Received: from [10.1.5.58] (mach2.usno.navy.mil [10.1.5.58])
	by aa.usno.navy.mil (Postfix) with ESMTP id A3CA2205697
	for <linux-audit@redhat.com>; Wed, 25 Jul 2007 15:04:21 -0400 (EDT)
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

I have the following error message showing up in my audit logs. This is on an 
SELinux-enabled web server (running RHEL ES 4, fully patched). This is actually 
an selinux error, so if this not the correct place to ask this question, please 
let me know.

**********
type=AVC msg=audit(1185389440.164:7579569): avc:  denied  { execute } for 
pid=26076 comm="aa_pap8" name="ld.so.cache" dev=md3 ino=2529627 
scontext=user_u:system_r:httpd_sys_script_t tcontext=root:object_r:ld_so_cache_t 
tclass=file

type=SYSCALL msg=audit(1185389440.164:7579569): arch=40000003 syscall=90 
per=400000 success=no exit=-13 a0=bffff074 a1=2 a2=a54fd4 a3=3 items=0 pid=26076 
auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 
comm="aa_pap8" exe="/location/of/bin/aa_pap8"

type=AVC_PATH msg=audit(1185389440.164:7579569):  path="/etc/ld.so.cache"

**********

A web page of ours is calling a script that is calling this program 
/location/of/bin/aa_pap8. The security context on the program is

-rwxr-xr-x  apache   AA  system_u:object_r:httpd_sys_content_t  aa_pap8

The security context on ls.so.cache is

-rw-r--r--  root     root  root:object_r:ld_so_cache_t  /etc/ld.so.cache

Does anyone know why this error is occurring? The program is running correctly. 
I'd just like to know where the error is coming from.

Thanks,

Bill Tangren