SELinux is preventing rsyslogd (syslogd_t) "read" to ./System.map-2.6.25-0.95.rc4.fc9 (system_map_t).
Daniel J Walsh
dwalsh at redhat.com
Mon Mar 10 13:15:28 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Antonio Olivares wrote:
> Dear all,
>
> Upon installing the updates of rawhide Report
> 20080308, I got the following from setroubleshooter.
>
> Suggestions/Comments are welcome.
>
> Regards,
>
> Antonio
>
>
> Summary:
>
> SELinux is preventing rsyslogd (syslogd_t) "read" to
> ./System.map-2.6.25-0.95.rc4.fc9 (system_map_t).
>
> Detailed Description:
>
> SELinux denied access requested by rsyslogd. It is not
> expected that this access
> is required by rsyslogd and this access may signal an
> intrusion attempt. It is
> also possible that the specific version or
> configuration of the application is
> causing it to require additional access.
>
> Allowing Access:
>
> Sometimes labeling problems can cause SELinux denials.
> You could try to restore
> the default system file context for
> ./System.map-2.6.25-0.95.rc4.fc9,
>
> restorecon -v './System.map-2.6.25-0.95.rc4.fc9'
>
> If this does not work, there is currently no automatic
> way to allow this access.
> Instead, you can generate a local policy module to
> allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385)
> Or you can disable
> SELinux protection altogether. Disabling SELinux
> protection is not recommended.
> Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context
> unconfined_u:system_r:syslogd_t
> Target Context
> system_u:object_r:system_map_t
> Target Objects
> ./System.map-2.6.25-0.95.rc4.fc9 [ file ]
> Source rsyslogd
> Source Path /sbin/rsyslogd
> Port <Unknown>
> Host localhost
> Source RPM Packages rsyslog-2.0.2-1.fc9
> Target RPM Packages
> Policy RPM
> selinux-policy-3.3.1-12.fc9
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name catchall_file
> Host Name localhost
> Platform Linux localhost
> 2.6.25-0.95.rc4.fc9 #1 SMP Thu Mar
> 6 01:17:49 EST 2008 i686
> athlon
> Alert Count 1
> First Seen Sat 08 Mar 2008 07:58:10
> AM CST
> Last Seen Sat 08 Mar 2008 07:58:10
> AM CST
> Local ID
> b9ac46d0-bfde-485c-8cec-2547c11a4daf
> Line Numbers
>
> Raw Audit Messages
>
> host=localhost type=AVC msg=audit(1204984690.594:21):
> avc: denied { read } for pid=2913 comm="rsyslogd"
> name="System.map-2.6.25-0.95.rc4.fc9" dev=sda3
> ino=6052 scontext=unconfined_u:system_r:syslogd_t:s0
> tcontext=system_u:object_r:system_map_t:s0 tclass=file
>
> host=localhost type=SYSCALL
> msg=audit(1204984690.594:21): arch=40000003 syscall=5
> success=no exit=-13 a0=1357c0 a1=0 a2=1b6 a3=0 items=0
> ppid=2912 pid=2913 auid=500 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1
> comm="rsyslogd" exe="/sbin/rsyslogd"
> subj=unconfined_u:system_r:syslogd_t:s0 key=(null)
>
>
>
>
>
> ____________________________________________________________________________________
> Never miss a thing. Make Yahoo your home page.
> http://www.yahoo.com/r/hs
>
Please report as a bug for rsyslog.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkfVNHAACgkQrlYvE4MpobPC0ACfXzPTL4v72CXA0ACi1z+NATIt
deUAn1JMk8xmNX6xVVRvSFNRRB5r+oBr
=rkOM
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list