SELinux is preventing rsyslogd (syslogd_t) "read" to ./System.map-2.6.25-0.95.rc4.fc9 (system_map_t).

Antonio Olivares olivares14031 at yahoo.com
Mon Mar 10 23:50:41 UTC 2008 

--- Daniel J Walsh <dwalsh at redhat.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Antonio Olivares wrote:
> > Dear all, 
> > 
> > Upon installing the updates of rawhide Report
> > 20080308, I got the following from
> setroubleshooter.  
> > 
> > Suggestions/Comments are welcome.
> > 
> > Regards,
> > 
> > Antonio 
> > 
> > 
> > Summary:
> > 
> > SELinux is preventing rsyslogd (syslogd_t) "read"
> to
> > ./System.map-2.6.25-0.95.rc4.fc9 (system_map_t).
> > 
> > Detailed Description:
> > 
> > SELinux denied access requested by rsyslogd. It is
> not
> > expected that this access
> > is required by rsyslogd and this access may signal
> an
> > intrusion attempt. It is
> > also possible that the specific version or
> > configuration of the application is
> > causing it to require additional access.
> > 
> > Allowing Access:
> > 
> > Sometimes labeling problems can cause SELinux
> denials.
> > You could try to restore
> > the default system file context for
> > ./System.map-2.6.25-0.95.rc4.fc9,
> > 
> > restorecon -v './System.map-2.6.25-0.95.rc4.fc9'
> > 
> > If this does not work, there is currently no
> automatic
> > way to allow this access.
> > Instead, you can generate a local policy module to
> > allow this access - see FAQ
> >
>
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385)
> > Or you can disable
> > SELinux protection altogether. Disabling SELinux
> > protection is not recommended.
> > Please file a bug report
> >
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> > against this package.
> > 
> > Additional Information:
> > 
> > Source Context               
> > unconfined_u:system_r:syslogd_t
> > Target Context               
> > system_u:object_r:system_map_t
> > Target Objects               
> > ./System.map-2.6.25-0.95.rc4.fc9 [ file ]
> > Source                        rsyslogd
> > Source Path                   /sbin/rsyslogd
> > Port                          <Unknown>
> > Host                          localhost
> > Source RPM Packages           rsyslog-2.0.2-1.fc9
> > Target RPM Packages           
> > Policy RPM                   
> > selinux-policy-3.3.1-12.fc9
> > Selinux Enabled               True
> > Policy Type                   targeted
> > MLS Enabled                   True
> > Enforcing Mode                Enforcing
> > Plugin Name                   catchall_file
> > Host Name                     localhost
> > Platform                      Linux localhost
> > 2.6.25-0.95.rc4.fc9 #1 SMP Thu Mar
> >                               6 01:17:49 EST 2008
> i686
> > athlon
> > Alert Count                   1
> > First Seen                    Sat 08 Mar 2008
> 07:58:10
> > AM CST
> > Last Seen                     Sat 08 Mar 2008
> 07:58:10
> > AM CST
> > Local ID                     
> > b9ac46d0-bfde-485c-8cec-2547c11a4daf
> > Line Numbers                  
> > 
> > Raw Audit Messages            
> > 
> > host=localhost type=AVC
> msg=audit(1204984690.594:21):
> > avc:  denied  { read } for  pid=2913
> comm="rsyslogd"
> > name="System.map-2.6.25-0.95.rc4.fc9" dev=sda3
> > ino=6052
> scontext=unconfined_u:system_r:syslogd_t:s0
> > tcontext=system_u:object_r:system_map_t:s0
> tclass=file
> > 
> > host=localhost type=SYSCALL
> > msg=audit(1204984690.594:21): arch=40000003
> syscall=5
> > success=no exit=-13 a0=1357c0 a1=0 a2=1b6 a3=0
> items=0
> > ppid=2912 pid=2913 auid=500 uid=0 gid=0 euid=0
> suid=0
> > fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1
> > comm="rsyslogd" exe="/sbin/rsyslogd"
> > subj=unconfined_u:system_r:syslogd_t:s0 key=(null)
> > 
> > 
> > 
> > 
> > 
> >      
>
____________________________________________________________________________________
> > Never miss a thing.  Make Yahoo your home page. 
> > http://www.yahoo.com/r/hs
> > 
> Please report as a bug for rsyslog.

Done! :)

https://bugzilla.redhat.com/show_bug.cgi?id=436895

Regards.

Antonio 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (GNU/Linux)
> Comment: Using GnuPG with Fedora -
> http://enigmail.mozdev.org
> 
>
iEYEARECAAYFAkfVNHAACgkQrlYvE4MpobPC0ACfXzPTL4v72CXA0ACi1z+NATIt
> deUAn1JMk8xmNX6xVVRvSFNRRB5r+oBr
> =rkOM
> -----END PGP SIGNATURE-----
> 
> -- 
> fedora-test-list mailing list
> fedora-test-list at redhat.com
> To unsubscribe: 
>
https://www.redhat.com/mailman/listinfo/fedora-test-list
> 



      ____________________________________________________________________________________
Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs

More information about the fedora-test-list mailing list