logrotate_t wants ptrace to the masses.... ;)

Tom London selinux at gmail.com
Mon Mar 3 19:08:38 UTC 2008


Running current Rawhide, logrotate must have kicked in and generated
lots of AVCs when in enforcing mode.

All of them are for ptrace:


#============= logrotate_t ==============
allow logrotate_t NetworkManager_t:process ptrace;
allow logrotate_t apmd_t:process ptrace;
allow logrotate_t audisp_t:process ptrace;
allow logrotate_t auditd_t:process ptrace;
allow logrotate_t consolekit_t:process ptrace;
allow logrotate_t crond_t:process ptrace;
allow logrotate_t cupsd_t:process ptrace;
allow logrotate_t dhcpc_t:process ptrace;
allow logrotate_t entropyd_t:process ptrace;
allow logrotate_t fsdaemon_t:process ptrace;
allow logrotate_t getty_t:process ptrace;
allow logrotate_t hald_t:process ptrace;
allow logrotate_t init_t:process ptrace;
allow logrotate_t initrc_t:process ptrace;
allow logrotate_t klogd_t:process ptrace;
allow logrotate_t mount_t:process ptrace;
allow logrotate_t restorecond_t:process ptrace;
allow logrotate_t self:capability sys_ptrace;
allow logrotate_t self:process ptrace;
allow logrotate_t setrans_t:process ptrace;
allow logrotate_t setroubleshootd_t:process ptrace;
allow logrotate_t sshd_t:process ptrace;
allow logrotate_t syslogd_t:process ptrace;
allow logrotate_t system_crond_t:process ptrace;
allow logrotate_t udev_t:process ptrace;
allow logrotate_t unconfined_t:process ptrace;
allow logrotate_t xdm_t:process ptrace;
allow logrotate_t xdm_xserver_t:process ptrace;

Complete audit.log attached.

tom
-- 
Tom London
-------------- next part --------------
A non-text attachment was scrubbed...
Name: log.gz
Type: application/x-gzip
Size: 4277 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20080303/f72256d7/attachment.bin>
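
An added example, not part of the original post: a short Python triage script that collapses AVC denials by (source type, class, permission), so a fan-out like the ptrace list above shows up as one finding to investigate instead of one allow rule per target domain. The log lines are constructed samples in audit.log format, not taken from the attached log, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log format (not from the attached log).
_AVC = ('type=AVC msg=audit(1204571318.10{n}:4{n}): avc:  denied  {{ {perm} }} for  '
        'pid=2801 comm="logrotate" scontext=system_u:system_r:logrotate_t:s0 '
        'tcontext=system_u:system_r:{ttype}:s0 tclass={tclass}')
SAMPLE_LOG = "\n".join([
    _AVC.format(n=1, perm="ptrace", ttype="sshd_t", tclass="process"),
    _AVC.format(n=2, perm="ptrace", ttype="init_t", tclass="process"),
    _AVC.format(n=3, perm="ptrace", ttype="syslogd_t", tclass="process"),
    _AVC.format(n=4, perm="ptrace", ttype="logrotate_t", tclass="process"),
    _AVC.format(n=5, perm="sys_ptrace", ttype="logrotate_t", tclass="capability"),
    "type=SYSCALL msg=audit(1204571318.105:45): arch=40000003 syscall=5 success=no",
])

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def group_denials(log_text):
    """Map (source type, class, permission) -> set of target types."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial (e.g. SYSCALL records)
        src = selinux_type(m["scon"])
        tgt = selinux_type(m["tcon"])
        if tgt == src:
            tgt = "self"  # same convention audit2allow uses
        for perm in m["perms"].split():
            groups[(src, m["tclass"], perm)].add(tgt)
    return dict(groups)

def fan_out(groups, threshold=3):
    """Return groups where one source hits at least `threshold` targets."""
    return sorted((key, sorted(targets)) for key, targets in groups.items()
                  if len(targets) >= threshold)

if __name__ == "__main__":
    for (src, tclass, perm), targets in fan_out(group_denials(SAMPLE_LOG)):
        print(f"{src} -> {tclass}:{perm} against {len(targets)} targets: {targets}")
```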

