SELinux is preventing rsyslogd (syslogd_t) "read" to ./System.map-2.6.25-0.95.rc4.fc9 (system_map_t).
Antonio Olivares
olivares14031 at yahoo.com
Mon Mar 10 23:50:41 UTC 2008
--- Daniel J Walsh <dwalsh at redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Antonio Olivares wrote:
> > Dear all,
> >
> > Upon installing the updates of rawhide Report
> > 20080308, I got the following from
> setroubleshooter.
> >
> > Suggestions/Comments are welcome.
> >
> > Regards,
> >
> > Antonio
> >
> >
> > Summary:
> >
> > SELinux is preventing rsyslogd (syslogd_t) "read"
> to
> > ./System.map-2.6.25-0.95.rc4.fc9 (system_map_t).
> >
> > Detailed Description:
> >
> > SELinux denied access requested by rsyslogd. It is
> not
> > expected that this access
> > is required by rsyslogd and this access may signal
> an
> > intrusion attempt. It is
> > also possible that the specific version or
> > configuration of the application is
> > causing it to require additional access.
> >
> > Allowing Access:
> >
> > Sometimes labeling problems can cause SELinux
> denials.
> > You could try to restore
> > the default system file context for
> > ./System.map-2.6.25-0.95.rc4.fc9,
> >
> > restorecon -v './System.map-2.6.25-0.95.rc4.fc9'
> >
> > If this does not work, there is currently no
> automatic
> > way to allow this access.
> > Instead, you can generate a local policy module to
> > allow this access - see FAQ
> >
>
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385)
> > Or you can disable
> > SELinux protection altogether. Disabling SELinux
> > protection is not recommended.
> > Please file a bug report
> >
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> > against this package.
> >
> > Additional Information:
> >
> > Source Context
> > unconfined_u:system_r:syslogd_t
> > Target Context
> > system_u:object_r:system_map_t
> > Target Objects
> > ./System.map-2.6.25-0.95.rc4.fc9 [ file ]
> > Source rsyslogd
> > Source Path /sbin/rsyslogd
> > Port <Unknown>
> > Host localhost
> > Source RPM Packages rsyslog-2.0.2-1.fc9
> > Target RPM Packages
> > Policy RPM
> > selinux-policy-3.3.1-12.fc9
> > Selinux Enabled True
> > Policy Type targeted
> > MLS Enabled True
> > Enforcing Mode Enforcing
> > Plugin Name catchall_file
> > Host Name localhost
> > Platform Linux localhost
> > 2.6.25-0.95.rc4.fc9 #1 SMP Thu Mar
> > 6 01:17:49 EST 2008
> i686
> > athlon
> > Alert Count 1
> > First Seen Sat 08 Mar 2008
> 07:58:10
> > AM CST
> > Last Seen Sat 08 Mar 2008
> 07:58:10
> > AM CST
> > Local ID
> > b9ac46d0-bfde-485c-8cec-2547c11a4daf
> > Line Numbers
> >
> > Raw Audit Messages
> >
> > host=localhost type=AVC
> msg=audit(1204984690.594:21):
> > avc: denied { read } for pid=2913
> comm="rsyslogd"
> > name="System.map-2.6.25-0.95.rc4.fc9" dev=sda3
> > ino=6052
> scontext=unconfined_u:system_r:syslogd_t:s0
> > tcontext=system_u:object_r:system_map_t:s0
> tclass=file
> >
> > host=localhost type=SYSCALL
> > msg=audit(1204984690.594:21): arch=40000003
> syscall=5
> > success=no exit=-13 a0=1357c0 a1=0 a2=1b6 a3=0
> items=0
> > ppid=2912 pid=2913 auid=500 uid=0 gid=0 euid=0
> suid=0
> > fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1
> > comm="rsyslogd" exe="/sbin/rsyslogd"
> > subj=unconfined_u:system_r:syslogd_t:s0 key=(null)
> >
> >
> >
> >
> >
> >
>
____________________________________________________________________________________
> > Never miss a thing. Make Yahoo your home page.
> > http://www.yahoo.com/r/hs
> >
> Please report as a bug for rsyslog.
Done! :)
https://bugzilla.redhat.com/show_bug.cgi?id=436895
Regards.
Antonio
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (GNU/Linux)
> Comment: Using GnuPG with Fedora -
> http://enigmail.mozdev.org
>
>
iEYEARECAAYFAkfVNHAACgkQrlYvE4MpobPC0ACfXzPTL4v72CXA0ACi1z+NATIt
> deUAn1JMk8xmNX6xVVRvSFNRRB5r+oBr
> =rkOM
> -----END PGP SIGNATURE-----
>
> --
> fedora-test-list mailing list
> fedora-test-list at redhat.com
> To unsubscribe:
>
https://www.redhat.com/mailman/listinfo/fedora-test-list
>
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
More information about the fedora-test-list
mailing list