On 12/16/2017 12:04 AM, Chris Murphy wrote:
Fedora 27 workstation. I'm getting selinux AVC denial messages in the
journal as a result of user-1000.journal having label
system_u:object_r:unlabeled_t:s0. It's the only log file with that
label, the other files and the directory it's in have
system_u:object_r:var_log_t:s0.
The AVC messages of course go away if I relabel /var/log/journal but
then maybe two weeks later the problem starts happening again when the
log gets rotated. For whatever reason this is not happening with the
system.journal.
Dec 15 15:54:47 f27h.localdomain audit[640]: AVC avc: denied { read
write } for pid=640 comm="systemd-journal" name="user-1000.journal"
dev="nvme0n1p9" ino=1174 scontext=system_u:system_r:syslogd_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
Is this a systemd or selinux-policy bug? Or other?
Michal, what do you think about this?
How is the user-1000.journal file created? It ends up as unlabeled_t, so
some action during the early stage of booting the system?
Thanks,
Lukas.
--
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
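A small triage script for this kind of report, added here as an example; it is not part of the thread and not systemd's or selinux-policy's code. It reads AVC records in the layout of the one Chris posted, keeps only denials whose target file context type is unlabeled_t, and prints where the file is (the AVC gives only name, dev and ino, so it suggests a find over the device's mount point) together with the restorecon step that Chris says clears the denials. The sample records are constructed for the example: the first is modelled on Chris's line, the second has the expected var_log_t label and must not be flagged, the third is not an AVC at all. The findmnt/find hint is an assumption about how a practitioner would locate the file, not something the thread states.

```shell
#!/bin/sh
# Added example, not from the thread: pick unlabeled_t targets out of AVC
# denial records and print a relabel hint. POSIX sh, no SELinux tools needed
# to run the parsing itself.

# Constructed sample input (modelled on the record in the thread).
SAMPLE_AVC='Dec 15 15:54:47 f27h.localdomain audit[640]: AVC avc:  denied  { read write } for  pid=640 comm="systemd-journal" name="user-1000.journal" dev="nvme0n1p9" ino=1174 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
Dec 15 15:54:48 f27h.localdomain audit[640]: AVC avc:  denied  { read } for  pid=640 comm="systemd-journal" name="system.journal" dev="nvme0n1p9" ino=1175 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
Dec 15 15:54:49 f27h.localdomain systemd[1]: Started Journal Service.'

# avc_field LINE KEY: print the value of KEY=... (surrounding quotes dropped),
# nothing if the key is absent. Keys in AVC records are always preceded by a space.
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\{0,1\}\([^\" ]*\).*/\1/p"
}

# unlabeled_targets: read records on stdin, print "comm name dev ino tclass"
# for every AVC denial whose target context type (third field of tcontext)
# is unlabeled_t. Records with any other target type are skipped.
unlabeled_targets() {
    while IFS= read -r line; do
        case "$line" in
            *"AVC avc:"*denied*) ;;
            *) continue ;;
        esac
        ttype=$(avc_field "$line" tcontext | cut -d: -f3)
        [ "$ttype" = "unlabeled_t" ] || continue
        printf '%s %s %s %s %s\n' \
            "$(avc_field "$line" comm)" "$(avc_field "$line" name)" \
            "$(avc_field "$line" dev)"  "$(avc_field "$line" ino)" \
            "$(avc_field "$line" tclass)"
    done
}

# locate_hint DEV INO: the AVC carries no path, only device and inode, so
# suggest a find over that device's mount point (assumed workflow).
locate_hint() {
    printf 'find "$(findmnt -no TARGET /dev/%s)" -xdev -inum %s\n' "$1" "$2"
}

# Stand-alone run over the constructed sample. For a live box, feed
# `journalctl -o short` or `ausearch -m avc -i` output instead of SAMPLE_AVC.
printf '%s\n' "$SAMPLE_AVC" | unlabeled_targets |
while read -r comm name dev ino tclass; do
    echo "$comm denied on unlabeled_t $tclass $name (dev=$dev ino=$ino)"
    echo "  locate:  $(locate_hint "$dev" "$ino")"
    echo "  relabel: restorecon -v <path>   (or restorecon -Rv /var/log/journal)"
done
```

Only the first sample record is reported; the system.journal denial is dropped because its target is var_log_t, which is the distinction the thread turns on (user-1000.journal mislabeled, system.journal not). Relabeling restores the context the file_contexts policy expects, but as Chris notes it does not explain why the rotated file was created unlabeled in the first place, so the script is a triage aid, not a fix.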