selinux and logrotate

Sun Jul 12 14:18:53 UTC 2009

The usual Sunday messages from logrotate


type=AVC msg=audit(1247359025.656:207): avc:  denied  { write } for 
pid=4050 comm="touch" name="run" dev=dm-0 ino=2328 
scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:var_run_t:s0 tclass=dir
type=AVC msg=audit(1247359025.656:207): avc:  denied  { add_name } for 
pid=4050 comm="touch" name="boinc_was_running" 
scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:var_run_t:s0 tclass=dir
type=AVC msg=audit(1247359025.656:207): avc:  denied  { create } for 
pid=4050 comm="touch" name="boinc_was_running" 
scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1247359025.656:207): avc:  denied  { write } for 
pid=4050 comm="touch" name="boinc_was_running" dev=dm-0 ino=32398 
scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1247359036.907:209): avc:  denied  { write } for 
pid=4083 comm="rm" name="run" dev=dm-0 ino=2328 
scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:var_run_t:s0 tclass=dir
type=AVC msg=audit(1247359036.907:209): avc:  denied  { remove_name } 
for  pid=4083 comm="rm" name="boinc_was_running" dev=dm-0 ino=32398 
scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:var_run_t:s0 tclass=dir
type=AVC msg=audit(1247359036.907:209): avc:  denied  { unlink } for 
pid=4083 comm="rm" name="boinc_was_running" dev=dm-0 ino=32398 
scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1247387947.765:1718): avc:  denied  { write } for 
pid=13930 comm="touch" name="run" dev=dm-0 ino=2328 
scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:var_run_t:s0 tclass=dir
type=AVC msg=audit(1247387947.765:1718): avc:  denied  { add_name } for 
  pid=13930 comm="touch" name="boinc_was_running" 
scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:var_run_t:s0 tclass=dir
type=AVC msg=audit(1247387947.765:1718): avc:  denied  { create } for 
pid=13930 comm="touch" name="boinc_was_running" 
scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1247387947.765:1718): avc:  denied  { write } for 
pid=13930 comm="touch" name="boinc_was_running" dev=dm-0 ino=373 
scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1247387959.031:1720): avc:  denied  { remove_name } 
for  pid=13966 comm="rm" name="boinc_was_running" dev=dm-0 ino=373 
scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:var_run_t:s0 tclass=dir
type=AVC msg=audit(1247387959.031:1720): avc:  denied  { unlink } for 
pid=13966 comm="rm" name="boinc_was_running" dev=dm-0 ino=373 
scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:var_run_t:s0 tclass=file


-- 

   Steve