Hello all,

I am using SELinux on the latest Debian. It has a few access violations here and there, but the one that concerns me most is:

  kernel: [1298522.518701] type=1400 audit(1245126419.780:229): avc: denied { use } for pid=29944 comm="syslog-ng" path="/dev/null" dev=tmpfs ino=634 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tclass=fd

/dev/null is:

  # semanage fcontext -l | grep null_device_t
  /dev/null    character device    system_u:object_r:null_device_t:s0
  /dev/full    character device    system_u:object_r:null_device_t:s0

I don't see a way with semanage to set anything about class "fd", and sesearch didn't seem to turn anything up. How could a /dev/null fd be in context logrotate_t?

I could just add an allow for this in a local module, but my concern is: can a user program just set arbitrary fds to its own target context as well?

I appreciate any insight you all can give.

Sincerely,
Jason

--
This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
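Editor's added example (not part of Jason's message and not an SELinux project tool): a small script that parses AVC records like the one above, flags the tclass=fd case separately, and emits the local policy module Jason mentions, the way audit2allow would. The point it illustrates is why semanage fcontext cannot reach this denial: an open file description is labelled by the kernel with the context of the process that opened it, not with the label of the file it refers to, and no userland call sets that label. A /dev/null descriptor opened by logrotate and inherited across exec by syslog-ng therefore carries logrotate_t, and the check on it is "fd use" between the two domains. The second sample line and the module name local_syslog_fd are constructed for this example.

```python
"""Parse SELinux AVC denial records and render a local policy (.te) module.

Added example for the thread above; not Jason's code and not audit2allow.
It does by hand what audit2allow does for the common case.
"""
import re
from typing import Any, Dict, List, Optional

# Sample records. The first is the AVC line quoted in the post; the second
# is constructed here to contrast a file-object denial with a tclass=fd one.
SAMPLE_LINES = [
    'kernel: [1298522.518701] type=1400 audit(1245126419.780:229): avc: denied '
    '{ use } for pid=29944 comm="syslog-ng" path="/dev/null" dev=tmpfs ino=634 '
    'scontext=system_u:system_r:syslogd_t:s0 '
    'tcontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tclass=fd',
    # constructed for this example, not taken from the post
    'kernel: [1298522.600000] type=1400 audit(1245126419.900:230): avc: denied '
    '{ read write } for pid=29944 comm="syslog-ng" path="/dev/null" dev=tmpfs '
    'ino=634 scontext=system_u:system_r:syslogd_t:s0 '
    'tcontext=system_u:object_r:null_device_t:s0 tclass=chr_file',
]

# Fixed part of an AVC record: result, permission set, then key=value fields.
AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$'
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line: str) -> Optional[Dict[str, Any]]:
    """Return the permission list and key=value fields of one AVC record, or None."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec: Dict[str, Any] = {"result": m.group("result"), "perms": m.group("perms").split()}
    for key, val in FIELD_RE.findall(m.group("fields")):
        rec[key] = val.strip('"')
    return rec


def context_type(ctx: str) -> str:
    """user:role:type[:range] -> type (always the third colon-separated field)."""
    return ctx.split(":")[2]


def is_inherited_fd_denial(rec: Dict[str, Any]) -> bool:
    """True for an 'fd use' denial.

    The fd class is never labelled from the filesystem: the descriptor carries
    the context of the domain that opened it, so tcontext here names another
    process domain (logrotate_t), not the file label (null_device_t).
    """
    return rec.get("tclass") == "fd" and "use" in rec["perms"]


def te_rule(rec: Dict[str, Any]) -> str:
    """Render one allow rule in policy source syntax."""
    perms = sorted(rec["perms"])
    perm_str = perms[0] if len(perms) == 1 else "{ %s }" % " ".join(perms)
    return "allow %s %s:%s %s;" % (
        context_type(rec["scontext"]), context_type(rec["tcontext"]), rec["tclass"], perm_str)


def te_module(name: str, recs: List[Dict[str, Any]]) -> str:
    """Build a complete .te file: module header, require block, allow rules."""
    types = set()
    classes: Dict[str, set] = {}
    rules = []
    for r in recs:
        types.update([context_type(r["scontext"]), context_type(r["tcontext"])])
        classes.setdefault(r["tclass"], set()).update(r["perms"])
        rules.append(te_rule(r))
    out = ["module %s 1.0;" % name, "", "require {"]
    out += ["\ttype %s;" % t for t in sorted(types)]
    out += ["\tclass %s { %s };" % (c, " ".join(sorted(p))) for c, p in sorted(classes.items())]
    out += ["}", ""] + rules
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    recs = [r for r in map(parse_avc, SAMPLE_LINES) if r is not None]
    for r in recs:
        kind = "inherited-fd" if is_inherited_fd_denial(r) else "file-object"
        print("%-12s %s" % (kind, te_rule(r)))
    # "local_syslog_fd" is an arbitrary module name chosen for this example
    print(te_module("local_syslog_fd", [r for r in recs if is_inherited_fd_denial(r)]))
```

Before installing such a module, confirm the rule really is absent from the loaded policy with `sesearch -A -s syslogd_t -t logrotate_t -c fd -p use`; if it is, the usual build steps are `checkmodule -M -m -o local_syslog_fd.mod local_syslog_fd.te`, `semodule_package -o local_syslog_fd.pp -m local_syslog_fd.mod` and `semodule -i local_syslog_fd.pp`. An alternative that avoids the allow rule entirely is to have the calling script close or redirect its descriptors before invoking the daemon, so nothing labelled logrotate_t is inherited.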