cupsd accessing afick.log clamd.log freshclam.log
Daniel J Walsh
dwalsh at redhat.com
Mon Sep 25 15:02:50 UTC 2006
Vikram Goyal wrote:
> Hello,
>
> I am getting these avc denied messages. I am not sure if these should be
> incorporated in local policy.
>
> type=AVC msg=audit(1159051843.723:565): avc: denied { read write } for
> pid=14645 comm="cupsd" name="afick.log" dev=sda12 ino=643989
> scontext=user_u:system_r:cupsd_t:s0-s0:c0.c255
> tcontext=system_u:object_r:var_log_t:s0 tclass=file
>
> type=AVC msg=audit(1159051843.723:565): avc: denied { read write } for
> pid=14645 comm="cupsd" name="clamd.log" dev=sda12 ino=643867
> scontext=user_u:system_r:cupsd_t:s0-s0:c0.c255
> tcontext=root:object_r:clamd_var_log_t:s0 tclass=file
>
> type=AVC msg=audit(1159051843.723:565): avc: denied { read write } for
> pid=14645 comm="cupsd" name="freshclam.log" dev=sda12 ino=643915
> scontext=user_u:system_r:cupsd_t:s0-s0:c0.c255
> tcontext=root:object_r:var_log_t:s0 tclass=file
>
>
> audit2allow produces -
> allow cupsd_t clamd_var_log_t:file { read write };
> allow cupsd_t var_log_t:file { read write };
>
>
These look like leaked file descriptor. Most likely logrotate. Since
logrotate probably opens these files for r/w and it restarts cups.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205072
> The installed versions are:
> cups-1.2.3-1.6
> clamav-0.88.4-21.fc5.at
> afick-2.2-2.2.fc5.rf
>
> Thanks!
>
More information about the fedora-selinux-list
mailing list