avc Dead-Letter? Fedora 10

Paul Howarth paul at city-fan.org
Sun Jan 4 20:48:50 UTC 2009


On Sun, 04 Jan 2009 14:35:49 -0500
Daniel J Walsh <dwalsh at redhat.com> wrote:
> The problem here looks like logwatch did not transition to
> system_mail_t when running sendmail.

Funnily enough I've had a similar issue with logrotate not
transitioning to squid_t on Fedora 10:

type=AVC msg=audit(1231041733.717:646): avc:  denied  { read } for
pid=6892 comm="squid" name="squid.conf" dev=dm-6 ino=147637
scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:squid_conf_t:s0 tclass=file

type=SYSCALL msg=audit(1231041733.717:646): arch=c000003e syscall=2
success=no exit=-13 a0=7f8b4a6bb260 a1=0 a2=1b6 a3=7f8b48be47b0 items=0
ppid=6891 pid=6892 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) ses=101 comm="squid" exe="/usr/sbin/squid"
subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)

The result of this is the following email when logrotate runs:

/etc/cron.daily/logrotate:

2009/01/04 04:02:13| ALERT: initgroups: unable to set groups for User squid and Group 0
FATAL: Unable to open configuration file: /etc/squid/squid.conf: (13) Permission denied
Squid Cache (Version 3.0.STABLE10): Terminated abnormally.
CPU Usage: 0.032 seconds = 0.009 user + 0.023 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 25

Paul.
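Added example, not from the post above or from the SELinux project: a small audit-log check that pairs each AVC record with its SYSCALL record by event id and flags denials where a daemon binary is running in a domain other than the one an entrypoint transition should have put it in (squid under logrotate_t, as above). The EXPECTED_DOMAIN table is a hypothetical mapping, and the second event (id 647) is constructed here to show a denial that is not a missed transition.

```python
import re

# Constructed sample: the AVC/SYSCALL pair quoted in the post (event 646), plus a
# made-up event 647 in which squid is already running in squid_t when denied.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1231041733.717:646): avc:  denied  { read } for pid=6892 comm="squid" name="squid.conf" dev=dm-6 ino=147637 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:squid_conf_t:s0 tclass=file
type=SYSCALL msg=audit(1231041733.717:646): arch=c000003e syscall=2 success=no exit=-13 a0=7f8b4a6bb260 a1=0 a2=1b6 a3=7f8b48be47b0 items=0 ppid=6891 pid=6892 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=101 comm="squid" exe="/usr/sbin/squid" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1231041800.000:647): avc:  denied  { write } for pid=7001 comm="squid" name="cache.log" scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=SYSCALL msg=audit(1231041800.000:647): arch=c000003e syscall=2 success=no exit=-13 pid=7001 comm="squid" exe="/usr/sbin/squid" subj=system_u:system_r:squid_t:s0 key=(null)
"""

# Hypothetical table: the domain each daemon binary is expected to run in.
EXPECTED_DOMAIN = {"/usr/sbin/squid": "squid_t", "/usr/sbin/sendmail": "system_mail_t"}

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
EVENT_RE = re.compile(r'audit\([\d.]+:(\d+)\)')
DENIED_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}')

def parse_record(line):
    """Split one audit record into key/value fields; surrounding quotes are stripped."""
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    rec["event_id"] = EVENT_RE.search(line).group(1)
    m = DENIED_RE.search(line)
    rec["denied"] = m.group(1) if m else None   # permission(s) denied, AVC records only
    return rec

def domain_of(context):
    """The SELinux type is the third field of user:role:type[:mls]."""
    return context.split(":")[2]

def find_missing_transitions(audit_text, expected=EXPECTED_DOMAIN):
    """Pair AVC and SYSCALL records by event id and report denials where the
    executable ran in a domain other than the one it should have transitioned to."""
    events = {}
    for line in audit_text.splitlines():
        rec = parse_record(line)
        events.setdefault(rec["event_id"], {})[rec["type"]] = rec
    findings = []
    for eid, recs in sorted(events.items()):
        avc, sc = recs.get("AVC"), recs.get("SYSCALL")
        if not (avc and sc and avc["denied"]):
            continue                      # need both halves and an actual denial
        actual = domain_of(sc["subj"])
        want = expected.get(sc.get("exe"))
        if want and actual != want:       # running as the caller, not its own domain
            findings.append({"event": eid, "exe": sc["exe"], "actual": actual,
                             "expected": want, "denied": avc["denied"],
                             "target": domain_of(avc["tcontext"])})
    return findings
```

Running find_missing_transitions(SAMPLE_AUDIT) reports only event 646, with squid in logrotate_t instead of squid_t; event 647 is an ordinary denial inside the right domain and is left alone.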
