logrotate with audit

Richard Hally rhallyx at mindspring.com
Fri Mar 26 21:20:49 UTC 2004


Here are the avc denied messages from a logrotate in permissive mode 
with auditing turned on.

Mar 26 16:04:20 old1 syslogd 1.4.1: restart.
Mar 26 16:04:20 old1 kernel: audit(1080335060.125:1634360): 
syscall=94,0x3 items=0 pid=2626 ppid=2585 loginuid=-1 uid=0 gid=0 euid=0 
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
Mar 26 16:04:20 old1 kernel: audit(1080335060.126:1634369): avc:  
denied  { unlink } for  pid=2626 exe=/usr/sbin/logrotate name=log.5 
dev=hdc3 ino=834865 scontext=root:sysadm_r:logrotate_t 
tcontext=system_u:object_r:slrnpull_spool_t tclass=file
Mar 26 16:04:20 old1 kernel: audit(1080335060.126:1634369): 
syscall=10,0xfeec46dc items=1 pid=2626 ppid=2585 loginuid=-1 uid=0 gid=0 
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
Mar 26 16:04:20 old1 kernel: audit(1080335060.126:1634369): item=0 
name=/var/spool/slrnpull/log.5 inode=835221 dev=00:00
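
Added example, not part of the original post: the records above share the serial number after the colon in audit(timestamp:serial), so the AVC denial, its syscall record and its path item can be joined to recover the full path that the AVC line gives only as name=log.5. The function name and the output field names are this example's own, and the sample input is the post's kernel lines with the mail wrapping rejoined.

```python
import re
from collections import defaultdict

# The post's kernel lines with the mail client's hard wraps rejoined.
SAMPLE = """\
Mar 26 16:04:20 old1 kernel: audit(1080335060.125:1634360): syscall=94,0x3 items=0 pid=2626 ppid=2585 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
Mar 26 16:04:20 old1 kernel: audit(1080335060.126:1634369): avc:  denied  { unlink } for  pid=2626 exe=/usr/sbin/logrotate name=log.5 dev=hdc3 ino=834865 scontext=root:sysadm_r:logrotate_t tcontext=system_u:object_r:slrnpull_spool_t tclass=file
Mar 26 16:04:20 old1 kernel: audit(1080335060.126:1634369): syscall=10,0xfeec46dc items=1 pid=2626 ppid=2585 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
Mar 26 16:04:20 old1 kernel: audit(1080335060.126:1634369): item=0 name=/var/spool/slrnpull/log.5 inode=835221 dev=00:00
"""

HEADER = re.compile(r"audit\((\d+\.\d+):(\d+)\):\s*(.*)")  # timestamp, serial, body
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r"(\w+)=(\S+)")

def correlate(text):
    """Group audit records by serial number; return one dict per AVC denial."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:
            events[m.group(2)].append(m.group(3))
    denials = []
    for serial, records in events.items():
        avc = next((r for r in records if r.startswith("avc:")), None)
        if avc is None:
            continue  # event with no denial attached (e.g. a lone syscall record)
        f = dict(FIELD.findall(avc))
        d = {"serial": serial,
             "perms": PERMS.search(avc).group(1).split(),
             "exe": f.get("exe"),
             "source_type": f["scontext"].split(":")[2],  # user:role:type
             "target_type": f["tcontext"].split(":")[2],
             "tclass": f["tclass"], "syscall": None, "paths": []}
        for r in records:
            kv = dict(FIELD.findall(r))
            if r.startswith("syscall="):
                d["syscall"] = int(kv["syscall"].split(",")[0])
            elif r.startswith("item="):
                d["paths"].append(kv["name"])  # full path from the item record
        denials.append(d)
    return denials

if __name__ == "__main__":
    for denial in correlate(SAMPLE):
        print(denial)
```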



