logrotate problem

Daniel J Walsh dwalsh at redhat.com
Wed Nov 12 14:09:20 UTC 2008



Dr. Michael J. Chudobiak wrote:
> Hi all,
> 
> I'm having problems running logrotate from cron. The emails say:
> 
> /etc/cron.daily/logrotate:
> error: cannot open current directory: Permission denied
> 
> logrotate tries to open ".", which works out to "/root". Sure enough,
> selinux is blocking access to admin_home_t:
> 
> type=AVC msg=audit(1226489667.211:371): avc:  denied  { read } for
> pid=2291 comm="logrotate" name="root" dev=dm-0 ino=2162689
> scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
> type=SYSCALL msg=audit(1226489667.211:371): arch=40000003 syscall=5
> success=no exit=-13 a0=80525d3 a1=8000 a2=0 a3=8000 items=0 ppid=2289
> pid=2291 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
> tty=(none) ses=39 comm="logrotate" exe="/usr/sbin/logrotate"
> subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)
> 
> 
> 
> Is this a policy bug?
> 
> An /.autorelabel didn't fix it.
> 
> I'm using F10 rawhide.
> 
> 
> - Mike
> 
Is this standard config, or are you having logrotate look for something
in the /root directory?
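
Added example, not part of the original thread or anyone's reply: a small Python triage helper that correlates the AVC and SYSCALL records quoted above by their shared audit serial (371) and reduces them to the denied access, the executable, the syscall and the errno. The function names and the one-entry syscall table are assumptions made for this illustration.

```python
import errno
import re

# The two records quoted in the thread, each rejoined onto a single line.
AUDIT_LOG = """\
type=AVC msg=audit(1226489667.211:371): avc:  denied  { read } for pid=2291 comm="logrotate" name="root" dev=dm-0 ino=2162689 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1226489667.211:371): arch=40000003 syscall=5 success=no exit=-13 a0=80525d3 a1=8000 a2=0 a3=8000 items=0 ppid=2289 pid=2291 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=39 comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)
"""

HEADER = re.compile(r'type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')

# arch=40000003 is 32-bit x86; only the syscall number seen in this thread is mapped.
I386_SYSCALLS = {"5": "open"}

def parse_events(text):
    """Group audit records by serial number: {serial: {record_type: fields}}."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # not an audit record
        rtype, _timestamp, serial = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        perms = PERMS.search(line)
        if perms:
            fields["perms"] = perms.group(1).split()
        events.setdefault(serial, {})[rtype] = fields
    return events

def summarize(event):
    """Reduce one correlated event to the facts needed for triage."""
    avc, sc = event["AVC"], event.get("SYSCALL", {})
    # The SELinux type is the third colon-separated field of a context.
    src, tgt = (avc[k].split(":")[2] for k in ("scontext", "tcontext"))
    call = I386_SYSCALLS.get(sc.get("syscall")) if sc.get("arch") == "40000003" else None
    err = errno.errorcode.get(-int(sc["exit"])) if sc.get("success") == "no" else None
    return {"denied": "%s -> %s:%s { %s }" % (src, tgt, avc["tclass"], " ".join(avc["perms"])),
            "exe": sc.get("exe"), "syscall": call, "errno": err}

if __name__ == "__main__":
    for serial, event in parse_events(AUDIT_LOG).items():
        if "AVC" in event:
            print(serial, summarize(event))
```

The summary shows that /usr/sbin/logrotate, running as logrotate_t, called open on a directory labeled admin_home_t and got EACCES, which matches the "cannot open current directory: Permission denied" message in the cron mail.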



