Syslog and Selinux

Daniel J Walsh dwalsh at redhat.com
Fri Aug 27 13:46:39 UTC 2004


Bob Chiodini wrote:

>Good Morning,
>
>I have not seen anything logged to the syslog (/var/log/messages) since
>the 24th.  I did not see anything searching the archives, but the search
>might not be working.
>
> The following error appears trying to start syslogd:
>
>Starting system logger: syslogd: error while loading shared libraries:
>libc.so.6: failed to map segment from shared object: Permission denied
>
>at the console:
>
> audit(1093612883.714:0): avc:  denied  { execute } for  pid=35
>82 path=/lib/tls/libc-2.3.3.so dev=hda2 ino=3993575 scontext=root:system_r:syslo
>gd_t tcontext=root:object_r:lib_t tclass=file
>audit(1093612883.718:0): avc:  denied  { execute } for  pid=3583 path=/lib/tls/l
>ibc-2.3.3.so dev=hda2 ino=3993575 scontext=root:system_r:syslogd_t tcontext=root
>:object_r:lib_t tclass=file
>audit(1093612883.723:0): avc:  denied  { execute } for  pid=3585 path=/lib/tls/l
>ibc-2.3.3.so dev=hda2 ino=3993575 scontext=root:system_r:syslogd_t tcontext=root
>:object_r:lib_t tclass=file
>
>FYI:  Pid 35 is pdflush
>
>I also noticed that portmapper gets a similar error:
>
>Starting portmap: portmap: error while loading shared libraries:
>libnsl.so.1: failed to map segment from shared object: Permission denied
>
>at the console:
>
>service portmap restart
>Stopping portmap: audit(1093613082.145:0): avc:  denied  { execute } for  pid=36
>11 path=/lib/tls/libc-2.3.3.so dev=hda2 ino=3993575 scontext=root:system_r:syslo
>gd_t tcontext=root:object_r:lib_t tclass=file
>                                                           [FAILED]
>Starting portmap: audit(1093613082.155:0): avc:  denied  { read write } for  pid
>=3615 exe=/sbin/portmap path=/dev/tty1 dev=hda2 ino=4115095 scontext=root:system
>_r:portmap_t tcontext=root:object_r:tty_device_t tclass=chr_file
>audit(1093613082.155:0): avc:  denied  { execute } for  pid=3615 path=/lib/libns
>l-2.3.3.so dev=hda2 ino=3993654 scontext=root:system_r:portmap_t tcontext=root:o
>bject_r:lib_t tclass=file
>audit(1093613082.159:0): avc:  denied  { execute } for  pid=3616 path=/lib/tls/l
>ibc-2.3.3.so dev=hda2 ino=3993575 scontext=root:system_r:syslogd_t tcontext=root
>:object_r:lib_t tclass=file
>portmap: error while loading shared libraries: libnsl.so.1: failed to map segmen
>t from shared object: Permission denied
>audit(1093613082.163:0): avc:  denied  { execute } for  pid=3618 path=/lib/tls/l
>ibc-2.3.3.so dev=hda2 ino=3993575 scontext=root:system_r:syslogd_t tcontext=root
>:object_r:lib_t tclass=file
>                                                           [FAILED]
>In this instance pid 36 is pdflush.
>
>Any help would be appreciated.
>
>Bob...
>  
>
restorecon /lib/tls/libc-2.3.3.so

will fix it, but how did the file get there with the wrong security context?

Dan
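
Added example, not part of the original thread and not code from either poster: a small Python parser that rejoins the 80-column console wrapping in the AVC messages quoted above and lists the files on which `execute` was denied, as candidates for the `restorecon` fix Dan suggests. It goes slightly beyond the single file named in the reply by covering every denied library in the sample. The function names are illustrative, and it assumes each record ends with a `tclass=` field, as these do.

```python
import re
from collections import defaultdict

# Sample input: console lines excerpted from the message quoted above, still wrapped.
CONSOLE = """\
audit(1093612883.714:0): avc:  denied  { execute } for  pid=35
82 path=/lib/tls/libc-2.3.3.so dev=hda2 ino=3993575 scontext=root:system_r:syslo
gd_t tcontext=root:object_r:lib_t tclass=file
                                                           [FAILED]
Starting portmap: audit(1093613082.155:0): avc:  denied  { read write } for  pid
=3615 exe=/sbin/portmap path=/dev/tty1 dev=hda2 ino=4115095 scontext=root:system
_r:portmap_t tcontext=root:object_r:tty_device_t tclass=chr_file
audit(1093613082.155:0): avc:  denied  { execute } for  pid=3615 path=/lib/libns
l-2.3.3.so dev=hda2 ino=3993654 scontext=root:system_r:portmap_t tcontext=root:o
bject_r:lib_t tclass=file
"""

AVC = re.compile(
    r"audit\((?P<ts>[\d.]+):\d+\): avc:\s+denied\s+\{ (?P<perms>[^}]+) \} for\s+"
    r"pid=(?P<pid>\d+) (?:exe=(?P<exe>\S+) )?path=(?P<path>\S+) .*?"
    r"scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+) tclass=(?P<tclass>\w+)$")

def parse_denials(console_text):
    """Rejoin wrapped records and return one dict per complete AVC denial."""
    records, buf = [], ""
    for line in console_text.splitlines():
        start = line.find("audit(")
        if start >= 0:
            buf = line[start:]   # new record; strips any init-script banner prefix
        elif buf:
            buf += line          # continuation of a wrapped record
        else:
            continue             # [FAILED], loader errors, other console noise
        if (m := AVC.search(buf)):
            records.append(m.groupdict())
            buf = ""
    return records

def relabel_candidates(records):
    """Map each file that was refused 'execute' to the domains that were denied."""
    by_path = defaultdict(set)
    for r in records:
        if r["tclass"] == "file" and "execute" in r["perms"].split():
            by_path[r["path"]].add(r["scontext"].split(":")[2])
    return dict(by_path)

if __name__ == "__main__":
    for path, domains in sorted(relabel_candidates(parse_denials(CONSOLE)).items()):
        print(f"restorecon {path}   # denied to: {', '.join(sorted(domains))}")
```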




