From mboxrd@z Thu Jan  1 00:00:00 1970
From: Bill Tangren <bjt@usno.navy.mil>
Subject: Re: "denied" error message
Date: Wed, 25 Jul 2007 16:03:23 -0400
Message-ID: <46A7AC8B.7020506@usno.navy.mil>
References: <46A79EB5.7050206@usno.navy.mil>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id l6PK3U4h003438
	for <linux-audit@redhat.com>; Wed, 25 Jul 2007 16:03:30 -0400
Received: from aa.usno.navy.mil (beatrix.usno.navy.mil [198.116.61.254])
	by mx1.redhat.com (8.13.1/8.13.1) with ESMTP id l6PK3TZo032046
	for <linux-audit@redhat.com>; Wed, 25 Jul 2007 16:03:29 -0400
Received: from [10.1.5.58] (mach2.usno.navy.mil [10.1.5.58])
	by aa.usno.navy.mil (Postfix) with ESMTP id C50BC205697
	for <linux-audit@redhat.com>; Wed, 25 Jul 2007 16:03:23 -0400 (EDT)
In-Reply-To: <46A79EB5.7050206@usno.navy.mil>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Bill Tangren wrote:
> I have the following error message showing up in my audit logs. This is 
> on an SELinux-enabled web server (running RHEL ES 4, fully patched). 
> This is actually an selinux error, so if this not the correct place to 
> ask this question, please let me know.
> 

Never mind. I got at least a partial answer by googling NSA's selinux mailing 
list archive. I quote from one of those pages:

"Typically, that audit message suggests that kernel is translating PROT_READ 
requests by that binary to PROT_READ|PROT_EXECUTE in order to provide 
compatibility with "legacy" binaries that presumed read-implies-exec logic."

This is an old program that is calling shared libraries. It isn't hurting the 
program, but it is filling up my audit logs. I guess I'll leave it alone.

Thanks anyway.