On Wed, 2009-06-17 at 15:13 -0400, Stephen Smalley wrote:
> On Wed, 2009-06-17 at 20:28 +0200, Jason Johnson wrote:
> > On Wed, Jun 17, 2009 at 2:26 PM, Stephen Smalley<sds@xxxxxxxxxxxxx> wrote:
> > >
> > > No, that would show up as a separate AVC, and would
> > > reference /selinux/null rather than /dev/null.
> > >
> > > Some entries in file_contexts are for other distributions and may not
> > > apply to your particular filesystem. That's ok - it doesn't do any
> > > harm.
> >
> > Oh, I knew that entry wouldn't do anything. I just meant that is the
> > closest connection I can see from syslog to logrotate.
> >
> > So is this entry a bug:
> >
> > kernel: [1298522.518701] type=1400 audit(1245126419.780:229): avc:
> > denied { use } for pid=29944 comm="syslog-ng" path="/dev/null"
> > dev=tmpfs ino=634 scontext=system_u:system_r:syslogd_t:s0
> > tcontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tclass=fd
> >
> > ?
>
> This just means that logrotate invoked syslog-ng while holding open a
> descriptor to /dev/null. Nothing more.

And I assume that's intentional, e.g. it is redirecting stdin, stdout,
stderr to /dev/null when invoking it. So you can just allow it in your
policy.

--
Stephen Smalley
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
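As an added illustration (not code from the thread or from the SELinux project), the parser below takes the AVC record quoted above, pulls the source and target types out of the user:role:type[:range] contexts, and renders the single allow rule the denial calls for, which is what Stephen means by "just allow it in your policy" (audit2allow does the same job on a full audit log).

```python
import re

# The AVC record quoted in the thread (copied from the page), reassembled
# onto one line as syslog would have written it.
SAMPLE_AVC = (
    'kernel: [1298522.518701] type=1400 audit(1245126419.780:229): avc: '
    'denied { use } for pid=29944 comm="syslog-ng" path="/dev/null" '
    'dev=tmpfs ino=634 scontext=system_u:system_r:syslogd_t:s0 '
    'tcontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tclass=fd'
)

# "avc: denied { perm1 perm2 } for key=value key="quoted value" ..."
AVC_RE = re.compile(
    r'avc:\s+(?P<decision>denied|granted)\s+\{\s*(?P<perms>[^}]+?)\s*\}'
    r'\s+for\s+(?P<fields>.*)$'
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return decision, permission list and key=value fields of one AVC record.

    Quotes are stripped from values; stype/ttype are the third component of
    scontext/tcontext, so the MLS range (s0-s0:c0.c1023) is discarded.
    Returns None for lines that are not AVC records.
    """
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    return {
        'decision': m.group('decision'),
        'perms': m.group('perms').split(),
        'fields': fields,
        'stype': fields['scontext'].split(':')[2],
        'ttype': fields['tcontext'].split(':')[2],
        'tclass': fields['tclass'],
    }


def allow_rule(rec):
    """Render the allow rule that permits exactly the denied access.

    One permission is written bare, several are braced, matching policy
    syntax. The rule is produced for review, not loaded.
    """
    perms = rec['perms']
    perm_str = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return "allow %s %s:%s %s;" % (rec['stype'], rec['ttype'], rec['tclass'], perm_str)


if __name__ == '__main__':
    rec = parse_avc(SAMPLE_AVC)
    print(rec['stype'], '->', rec['ttype'], rec['tclass'], rec['perms'])
    print(allow_rule(rec))  # allow syslogd_t logrotate_t:fd use;
```

Before adding the rule, check that comm/path in the record match the expected pairing (here logrotate passing its /dev/null descriptors to syslog-ng), since the same fd:use denial from an unexpected caller is a different story.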