Émeric Maschino wrote:
Hi,
I'm getting the following AVCs on my Itanium system
(selinux-policy-targeted-2.3.6-1). Are they also noticeable on other
architectures?
audit(1155148758.991:4): avc: denied { write } for pid=2382 comm="mingetty" n
ame="wtmp" dev=dm-0 ino=360636 scontext=system_u:system_r:getty_t:s0 tcontext=sy
stem_u:object_r:var_log_t:s0 tclass=file
audit(1155148758.991:5): avc: denied { write } for pid=2383 comm="mingetty" n
ame="wtmp" dev=dm-0 ino=360636 scontext=system_u:system_r:getty_t:s0 tcontext=sy
stem_u:object_r:var_log_t:s0 tclass=file
audit(1155148759.411:6): avc: denied { write } for pid=2384 comm="mingetty" n
ame="wtmp" dev=dm-0 ino=360636 scontext=system_u:system_r:getty_t:s0 tcontext=sy
stem_u:object_r:var_log_t:s0 tclass=file
audit(1155148759.627:7): avc: denied { write } for pid=2385 comm="mingetty" n
ame="wtmp" dev=dm-0 ino=360636 scontext=system_u:system_r:getty_t:s0 tcontext=sy
stem_u:object_r:var_log_t:s0 tclass=file
audit(1155148759.627:8): avc: denied { write } for pid=2381 comm="agetty" nam
e="wtmp" dev=dm-0 ino=360636 scontext=system_u:system_r:getty_t:s0 tcontext=syst
em_u:object_r:var_log_t:s0 tclass=file
audit(1155148760.063:9): avc: denied { write } for pid=2386 comm="mingetty" n
ame="wtmp" dev=dm-0 ino=360636 scontext=system_u:system_r:getty_t:s0 tcontext=sy
stem_u:object_r:var_log_t:s0 tclass=file
audit(1155148760.199:10): avc: denied { write } for pid=2387 comm="mingetty"
name="wtmp" dev=dm-0 ino=360636 scontext=system_u:system_r:getty_t:s0 tcontext=s
ystem_u:object_r:var_log_t:s0 tclass=file
logrotate was broken and changing the file context on /var/log/wtmp.
You can restore the context with restorecon /var/log/wtmp
Then if you update to the latest logrotate the problem should be fixed.
Cheers,
�meric
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
