Running current Rawhide, logrotate must have kicked in and generated lots of AVCs when in enforcing mode. All of them are for ptrace: #============= logrotate_t ============== allow logrotate_t NetworkManager_t:process ptrace; allow logrotate_t apmd_t:process ptrace; allow logrotate_t audisp_t:process ptrace; allow logrotate_t auditd_t:process ptrace; allow logrotate_t consolekit_t:process ptrace; allow logrotate_t crond_t:process ptrace; allow logrotate_t cupsd_t:process ptrace; allow logrotate_t dhcpc_t:process ptrace; allow logrotate_t entropyd_t:process ptrace; allow logrotate_t fsdaemon_t:process ptrace; allow logrotate_t getty_t:process ptrace; allow logrotate_t hald_t:process ptrace; allow logrotate_t init_t:process ptrace; allow logrotate_t initrc_t:process ptrace; allow logrotate_t klogd_t:process ptrace; allow logrotate_t mount_t:process ptrace; allow logrotate_t restorecond_t:process ptrace; allow logrotate_t self:capability sys_ptrace; allow logrotate_t self:process ptrace; allow logrotate_t setrans_t:process ptrace; allow logrotate_t setroubleshootd_t:process ptrace; allow logrotate_t sshd_t:process ptrace; allow logrotate_t syslogd_t:process ptrace; allow logrotate_t system_crond_t:process ptrace; allow logrotate_t udev_t:process ptrace; allow logrotate_t unconfined_t:process ptrace; allow logrotate_t xdm_t:process ptrace; allow logrotate_t xdm_xserver_t:process ptrace; Complete audit.log attached. tom -- Tom London
Attachment:
log.gz
Description: GNU Zip compressed data
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
