SELinux is denying webalizer

Daniel J Walsh dwalsh at redhat.com
Fri Sep 23 21:23:46 UTC 2005


Tomas Larsson wrote:

>SELinux is denying webalizer one logfile.
>
>I want webalizer to make a report of vsftps.log, but SELinux is denying
>webalizer access to the file. What to do?
>
>Webalizer is run as a cron job as root.
>
>A snip from auth.log
>
> type=PATH msg=audit(1127509217.604:11185427): item=0 name="webalizer.conf"
>flags=401  inode=32641 dev=fd:00 mode=042777 ouid=0 ogid=0 rdev=00:00
>type=CRED_DISP msg=audit(1127509222.415:11193091): user pid=29417 uid=0
>auid=0 msg='PAM setcred: user=root exe="/usr/sbin/crond" (hostname=?,
>addr=?, terminal=cron result=Success)'
>type=USER_END msg=audit(1127509222.416:11193110): user pid=29417 uid=0
>auid=0 msg='PAM session close: user=root exe="/usr/sbin/crond" (hostname=?,
>addr=?, terminal=cron result=Success)'
>type=AVC msg=audit(1127509223.373:11195697): avc:  denied  { search } for
>pid=29635 comm="webalizer" name="root" dev=dm-0 ino=32641
>scontext=root:system_r:webalizer_t tcontext=root:object_r:user_home_dir_t
>tclass=dir
>type=SYSCALL msg=audit(1127509223.373:11195697): arch=40000003 syscall=33
>success=no exit=-13 a0=8060468 a1=0 a2=4a3ff4 a3=80617f0 items=1 pid=29635
>auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
>comm="webalizer" exe="/usr/bin/webalizer"
>type=CWD msg=audit(1127509223.373:11195697):  cwd="/root"
>type=PATH msg=audit(1127509223.373:11195697): item=0 name="webalizer.conf"
>flags=401  inode=32641 dev=fd:00 mode=042777 ouid=0 ogid=0 rdev=00:00
>type=AVC msg=audit(1127509223.410:11195998): avc:  denied  { search } for
>pid=29637 comm="webalizer" name="root" dev=dm-0 ino=32641
>scontext=root:system_r:webalizer_t tcontext=root:object_r:user_home_dir_t
>tclass=dir
>type=SYSCALL msg=audit(1127509223.410:11195998): arch=40000003 syscall=33
>success=no exit=-13 a0=8060468 a1=0 a2=2fcff4 a3=80617f0 items=1 pid=29637
>auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
>comm="webalizer" exe="/usr/bin/webalizer"
>type=CWD msg=audit(1127509223.410:11195998):  cwd="/root"
>type=PATH msg=audit(1127509223.410:11195998): item=0 name="webalizer.conf"
>flags=401  inode=32641 dev=fd:00 mode=042777 ouid=0 ogid=0 rdev=00:00
>type=AVC msg=audit(1127509223.413:11196024): avc:  denied  { read } for
>pid=29637 comm="webalizer" name="vsftpd.log" dev=dm-0 ino=1143800
>scontext=root:system_r:webalizer_t tcontext=system_u:object_r:xferlog_t
>tclass=file
>type=SYSCALL msg=audit(1127509223.413:11196024): arch=40000003 syscall=5
>success=no exit=-13 a0=8f6ff78 a1=8000 a2=1b6 a3=8f6f060 items=1 pid=29637
>auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
>comm="webalizer" exe="/usr/bin/webalizer"
>type=CWD msg=audit(1127509223.413:11196024):  cwd="/root"
>type=PATH msg=audit(1127509223.413:11196024): item=0
>name="/var/log/vsftpd.log" flags=101  inode=1143800 dev=fd:00 mode=0100600
>ouid=0 ogid=0 rdev=00:00
>type=CRED_DISP msg=audit(1127509224.298:11197719): user pid=29420 uid=0
>auid=0 msg='PAM setcred: user=root exe="/usr/sbin/crond" (hostname=?,
>addr=?, terminal=cron result=Success)'
>type=USER_END msg=audit(1127509224.299:11197742): user pid=29420 uid=0
>auid=0 msg='PAM session close: user=root exe="/usr/sbin/crond" (hostname=?,
>addr=?, terminal=cron result=Success)'
>type=USER_ACCT msg=audit(1127509261.312:11221084): user pid=29715 uid=0
>auid=4294967295 msg='PAM accounting: user=root exe="/usr/sbin/crond"
>(hostname=?, addr=?, terminal=cron result=Success)'
>type=LOGIN msg=audit(1127509261.314:11221153): login pid=29715 uid=0 old
>auid=4294967295 new auid=0
>type=USER_START msg=audit(1127509261.314:11221159): user pid=29715 uid=0
>auid=0 msg='PAM session open: user=root exe="/usr/sbin/crond" (hostname=?,
>addr=?, terminal=cron result=Success)'
>type=CRED_ACQ msg=audit(1127509261.314:11221168): user pid=29715 uid=0
>auid=0 msg='PAM setcred: user=root exe="/usr/sbin/crond" (hostname=?,
>addr=?, terminal=cron result=Success)'
>type=CRED_DISP msg=audit(1127509261.328:11221481): user pid=29715 uid=0
>auid=0 msg='PAM setcred: user=root exe="/usr/sbin/crond" (hostname=?,
>addr=?, terminal=cron result=Success)'
>type=USER_END msg=audit(1127509261.329:11221500): user pid=29715 uid=0
>auid=0 msg='PAM session close: user=root exe="/usr/sbin/crond" (hostname=?,
>addr=?, terminal=cron result=Success)'
>
>
>With best regards
>
>Tomas Larsson
>Sweden
>
>Verus Amicus Est Tamquam Alter Idem
>
That seems legitimate.  I will add to policy.
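
The following is an added example, not part of the original thread and not the policy change referred to above. It shows how the AVC records in the quoted log reduce to candidate allow rules, in the way audit2allow-style tooling does. The function names are hypothetical, and the sample lines are the AVC and CWD records from the quoted excerpt rejoined onto single lines.

```python
import re
from collections import defaultdict

# AVC records copied from the quoted audit log, each rejoined onto one line
# (the mail client wrapped them); the second AVC repeats the first denial.
SAMPLE_LOG = """\
type=AVC msg=audit(1127509223.373:11195697): avc:  denied  { search } for pid=29635 comm="webalizer" name="root" dev=dm-0 ino=32641 scontext=root:system_r:webalizer_t tcontext=root:object_r:user_home_dir_t tclass=dir
type=CWD msg=audit(1127509223.373:11195697):  cwd="/root"
type=AVC msg=audit(1127509223.410:11195998): avc:  denied  { search } for pid=29637 comm="webalizer" name="root" dev=dm-0 ino=32641 scontext=root:system_r:webalizer_t tcontext=root:object_r:user_home_dir_t tclass=dir
type=AVC msg=audit(1127509223.413:11196024): avc:  denied  { read } for pid=29637 comm="webalizer" name="vsftpd.log" dev=dm-0 ino=1143800 scontext=root:system_r:webalizer_t tcontext=system_u:object_r:xferlog_t tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of user:role:type[:level] (the level is optional)."""
    return context.split(":")[2]

def denials(log_text):
    """Group denied permissions by (source type, target type, object class)."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # CWD, PATH, SYSCALL and PAM records carry no denial
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        grouped[key].update(m["perms"].split())
    return grouped

def allow_rules(log_text):
    """Render each group as a candidate policy rule for human review."""
    rules = []
    for (src, tgt, cls), perms in sorted(denials(log_text).items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return rules

if __name__ == "__main__":
    print("\n".join(allow_rules(SAMPLE_LOG)))
```

The output is a list of candidate rules to review before anything goes into policy. The `search` denial on `user_home_dir_t` is logged in the same audit event as `cwd="/root"`, while the `read` denial on `xferlog_t` is the one for `/var/log/vsftpd.log`.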
