Re: logrotate accessing /root avc messages

Hi Daniel,

Sorry I did not mention this earlier. This is a Debian machine. I was
not aware that they had their own policies.

lrfurtado:~# dpkg -l | grep selinux
ii  libselinux1                           2.0.65-5                   SELinux shared libraries
ii  python-selinux                        2.0.65-5                   Python bindings to SELinux shared libraries
ii  selinux-basics                        0.3.5                      SELinux basic support
ii  selinux-policy-default                2:0.0.20080702-6           Strict and Targeted variants of the SELinux
ii  selinux-policy-dev                    2:0.0.20080702-6           Headers from the SELinux reference policy fo
ii  selinux-utils                         2.0.65-5                   SELinux utility programs
lrfurtado:~# dpkg -l | grep logrotate
ii  logrotate                             3.7.1-5                    Log rotation utility
lrfurtado:~# cat /etc/debian_version
5.0.7
lrfurtado:~#

On 11-03-24 14:16, Daniel J Walsh wrote:
> On 03/24/2011 02:08 PM, Luciano Furtado wrote:
>> Hey Guys,
> 
> 
>> Any ideas why logrotate is trying to access /root as shown by the avc
>> message below:
> 
>> lrfurtado:~# ausearch -ts today
>> ----
>> time->Thu Mar 24 06:25:45 2011
>> type=SYSCALL msg=audit(1300947945.464:26): arch=40000003 syscall=5
>> success=no exit=-13 a0=88404c0 a1=8000 a2=0 a3=8000 items=0 ppid=13192
>> pid=13193 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
>> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="logrotate"
>> exe="/usr/sbin/logrotate"
>> subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)
>> type=AVC msg=audit(1300947945.464:26): avc:  denied  { search } for
>> pid=13193 comm="logrotate" name="root" dev=xvda ino=401409
>> scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023
>> tcontext=unconfined_u:object_r:unconfined_home_dir_t:s0 tclass=dir
> 
> 
> 
>> is this the issue described here :
> 
>>  https://bugzilla.redhat.com/show_bug.cgi?id=471463
> 
>> For now I have added :
> 
>> allow logrotate_t unconfined_home_dir_t:dir search;
> 
>> to my local module to shut up the avc messages. Is there any way to stop
>> logrotate from generating those AVC messages other than adding the allow
>> rule above?
> 
> 
>> Best Regards.
>> Luciano
> 
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
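
The AVC record quoted in the message maps field by field onto the allow rule that was added to the local module. As an added example (not part of the original post and not code from any SELinux tool; the function names are hypothetical), the Python below parses denied AVC records and emits either an allow rule or the matching dontaudit rule, the standard policy statement that leaves the access denied but stops it from being audited.

```python
import re
from collections import defaultdict

# AVC record copied from the ausearch output quoted in the message, joined onto one line.
SAMPLE = (
    'type=AVC msg=audit(1300947945.464:26): avc:  denied  { search } for '
    'pid=13193 comm="logrotate" name="root" dev=xvda ino=401409 '
    'scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:object_r:unconfined_home_dir_t:s0 tclass=dir'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')

def parse_avc(line):
    """Return a dict for one 'denied' AVC record, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2)))
    try:
        # An SELinux context is user:role:type[:mls-range]; the type is field 3.
        return {
            'perms': m.group(1).split(),
            'source': fields['scontext'].split(':')[2],
            'target': fields['tcontext'].split(':')[2],
            'tclass': fields['tclass'],
            'comm': fields.get('comm', '').strip('"'),
        }
    except (KeyError, IndexError):
        return None  # truncated or malformed record

def rules(lines, keyword='allow'):
    """Merge denials per (source, target, class) and emit policy rules."""
    if keyword not in ('allow', 'dontaudit'):
        raise ValueError(keyword)
    merged = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec:
            merged[(rec['source'], rec['target'], rec['tclass'])].update(rec['perms'])
    out = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        p = sorted(perms)
        perm_str = p[0] if len(p) == 1 else '{ ' + ' '.join(p) + ' }'
        out.append(f'{keyword} {src} {tgt}:{cls} {perm_str};')
    return out

if __name__ == '__main__':
    print(rules([SAMPLE], 'allow')[0])      # grants the directory search
    print(rules([SAMPLE], 'dontaudit')[0])  # still denied, no longer logged
```

The allow form widens what logrotate_t may do, while the dontaudit form only silences the record, so the second is the narrower change when the denied access is not actually needed.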

