Re: logwatch does not show disk usage of partitions mounted in /mnt

Dawid Gajownik <gajownik@xxxxxxxxx> · Thu, 23 Mar 2006 16:10:25 +0100

Dnia 03/22/2006 04:15 PM, Użytkownik Daniel J Walsh napisał:

First make sure this is all the access that it needs by running logwatch 
with setenforce 0.

Then send us the AVC messages, so we can update policy.

I run today my system in permissive mode and logwatch showed disk usage 
of all partitions mounted in /mnt. Here are AVC messages:

[root@X ~]# grep -i logwatch /var/log/messages
Mar 21 17:14:05 X kernel: audit(1142957645.904:32): avc:  denied  { 
search } for  pid=2588 comm="df" name="mnt" dev=hda5 ino=809601 
scontext=system_u:system_r:logwatch_t:s0 
tcontext=system_u:object_r:mnt_t:s0 tclass=dir
Mar 21 17:14:05 X kernel: audit(1142957645.904:33): avc:  denied  { 
search } for  pid=2588 comm="df" name="mnt" dev=hda5 ino=809601 
scontext=system_u:system_r:logwatch_t:s0 
tcontext=system_u:object_r:mnt_t:s0 tclass=dir
Mar 21 17:14:05 X kernel: audit(1142957645.904:34): avc:  denied  { 
search } for  pid=2588 comm="df" name="mnt" dev=hda5 ino=809601 
scontext=system_u:system_r:logwatch_t:s0 
tcontext=system_u:object_r:mnt_t:s0 tclass=dir
Mar 21 17:14:05 X kernel: audit(1142957645.904:35): avc:  denied  { 
search } for  pid=2588 comm="df" name="mnt" dev=hda5 ino=809601 
scontext=system_u:system_r:logwatch_t:s0 
tcontext=system_u:object_r:mnt_t:s0 tclass=dir
Mar 21 17:14:05 X kernel: audit(1142957645.904:36): avc:  denied  { 
search } for  pid=2588 comm="df" name="mnt" dev=hda5 ino=809601 
scontext=system_u:system_r:logwatch_t:s0 
tcontext=system_u:object_r:mnt_t:s0 tclass=dir
Mar 21 17:14:05 X kernel: audit(1142957645.908:37): avc:  denied  { 
search } for  pid=2588 comm="df" name="mnt" dev=hda5 ino=809601 
scontext=system_u:system_r:logwatch_t:s0 
tcontext=system_u:object_r:mnt_t:s0 tclass=dir
Mar 22 12:31:53 X kernel: audit(1143027113.272:34): avc:  denied  { 
search } for  pid=3307 comm="df" name="mnt" dev=hda5 ino=809601 
scontext=system_u:system_r:logwatch_t:s0 
tcontext=system_u:object_r:mnt_t:s0 tclass=dir
Mar 22 12:31:53 X kernel: audit(1143027113.276:35): avc:  denied  { 
search } for  pid=3307 comm="df" name="mnt" dev=hda5 ino=809601 
scontext=system_u:system_r:logwatch_t:s0 
tcontext=system_u:object_r:mnt_t:s0 tclass=dir
Mar 22 12:31:53 X kernel: audit(1143027113.276:36): avc:  denied  { 
search } for  pid=3307 comm="df" name="mnt" dev=hda5 ino=809601 
scontext=system_u:system_r:logwatch_t:s0 
tcontext=system_u:object_r:mnt_t:s0 tclass=dir
Mar 22 12:31:53 X kernel: audit(1143027113.276:37): avc:  denied  { 
search } for  pid=3307 comm="df" name="mnt" dev=hda5 ino=809601 
scontext=system_u:system_r:logwatch_t:s0 
tcontext=system_u:object_r:mnt_t:s0 tclass=dir
Mar 22 12:31:53 X kernel: audit(1143027113.276:38): avc:  denied  { 
search } for  pid=3307 comm="df" name="mnt" dev=hda5 ino=809601 
scontext=system_u:system_r:logwatch_t:s0 
tcontext=system_u:object_r:mnt_t:s0 tclass=dir
Mar 22 12:31:53 X kernel: audit(1143027113.276:39): avc:  denied  { 
search } for  pid=3307 comm="df" name="mnt" dev=hda5 ino=809601 
scontext=system_u:system_r:logwatch_t:s0 
tcontext=system_u:object_r:mnt_t:s0 tclass=dir
Mar 23 12:16:48 X kernel: audit(1143112608.114:7): avc:  denied  { 
search } for  pid=3333 comm="df" name="mnt" dev=hda5 ino=809601 
scontext=system_u:system_r:logwatch_t:s0 
tcontext=system_u:object_r:mnt_t:s0 tclass=dir
[root@X ~]#

(Yes, I don't have auditd.)

You can also install a loadable module to allow this access by executing

grep logwatch /var/log/audit/audit.log | audit2allow -M logwatch
semodule -i logwatch.pp

I know about audit2allow, but this program sometimes allows to much. I 
wanted to ask about this issue developers of SELinux policy :)

Thanks,
	Dawid

--

  ^_*

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list