Re: CentOS Digest, Vol 115, Issue 21

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Thursday, August 21, 2014 12:00:03 centos-request@xxxxxxxxxx wrote:
> Re:  SELinux vs. logwatch and virsh
> From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
> To: CentOS mailing list <centos@xxxxxxxxxx>
> 
> On 08/18/2014 02:13 PM, Bill Gee wrote:
> > Hi Dan -
> > 
> > "ausearch -m avc -ts recent" produces no output.  If I run it as "ausearch
> > -f  virsh" then it produces output similar to this.  Each day's run of
> > logwatch produces three of these audit log entries.  The a1 and a2 values
> > are different for each entry, but everything else is the same.
> > 
> > ===============
> > time->Mon Aug 18 03:21:03 2014
> > type=SYSCALL msg=audit(1408350063.257:7492): arch=c000003e syscall=21 
> > success=no exit=-13 a0=11ee230 a1=4 a2=7fff722837b0 a3=7fff72283640
> > items=0  ppid=2815 pid=2816 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0
> > egid=0 sgid=0 fsgid=0 tty=(none) ses=981 comm="bash" exe="/usr/bin/bash"
> > subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1408350063.257:7492): avc:  denied  { read }
> > for  pid=2816  comm="bash" name="virsh" dev="dm-0" ino=135911290
> > scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 
> > tcontext=system_u:object_r:virsh_exec_t:s0 tclass=file
> > ===============
> > 
> > I thought about using audit2allow as you suggest.  The problem is then I
> > don't  really know what change is required.  What exactly will it
> > do?  And is there a guarantee that it will work?
> 
> logwatch is executing virsh probably to communicate with libvirt to
> rotate logs or something.  You can look in /etc/logrotate.d for a script
> with virsh to tell you what the command is trying to do.

Hi Dan -

I know EXACTLY what virsh is being called for.  I wrote the script!  It has 
nothing to do with logrotate.  I want virsh to tell logwatch what the status 
is of all virtual machines running on the host.  Logwatch will then include 
that in its daily summary report.  SELinux is getting in the way.

Regards - Bill Gee
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux