I’ve just been rebuilding something I wrote ages ago, using stack with lts-11.6 (so that I can use a recent Conduit). Part (not a part I was modifying) of the code runs as a CGI script, and I was horrified to find that when run by httpd it soaked up CPU like nobody’s business without producing any output. Running it at the command line worked fine, so I traced the problem via audit: type=AVC msg=audit(1529223103.790:1705516): avc: denied { read } for pid=36764 comm="ghc_ticker" path="[timerfd]" dev=anon_inodefs ino=4597 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:anon_inodefs_t:s0 tclass=file type=AVC msg=audit(1529223103.790:1705517): avc: denied { read } for pid=36764 comm="ghc_ticker" path="[timerfd]" dev=anon_inodefs ino=4597 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:anon_inodefs_t:s0 tclass=file The solution is to add an audit rule to allow that, but surely ghc_ticker shouldn’t be trying again so fast when whatever it is trying to do isn’t permitted? I don’t know what component ghc_ticker belongs to, so where should I report the problem? -- Jón Fairbairn Jon.Fairbairn@cl.cam.ac.uk