-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi Daniel,
Sorry I did not mention this earlier. This is a Debian machine. I was not aware that they had their own policies.
lrfurtado:~# dpkg -l | grep selinux ii libselinux1 2.0.65-5 SELinux shared libraries ii python-selinux 2.0.65-5 Python bindings to SELinux shared libraries ii selinux-basics 0.3.5 SELinux basic support ii selinux-policy-default 2:0.0.20080702-6 Strict and Targeted variants of the SELinux ii selinux-policy-dev 2:0.0.20080702-6 Headers from the SELinux reference policy fo ii selinux-utils 2.0.65-5 SELinux utility programs lrfurtado:~# dpkg -l | grep logrotate ii logrotate 3.7.1-5 Log rotation utility lrfurtado:~# cat /etc/debian_version 5.0.7 lrfurtado:~#
On 11-03-24 14:16, Daniel J Walsh wrote:
On 03/24/2011 02:08 PM, Luciano Furtado wrote:
Hey Guys,
Any ideas why logrotate is trying to access /root as shown by the avc message bellow:
lrfurtado:~# ausearch -ts today
time->Thu Mar 24 06:25:45 2011 type=SYSCALL msg=audit(1300947945.464:26): arch=40000003 syscall=5 success=no exit=-13 a0=88404c0 a1=8000 a2=0 a3=8000 items=0 ppid=13192 pid=13193 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1300947945.464:26): avc: denied { search } for pid=13193 comm="logrotate" name="root" dev=xvda ino=401409 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:unconfined_home_dir_t:s0 tclass=dir
is this the issue described here :
For now I have added :
allow logrotate_t unconfined_home_dir_t:dir search;
to my local module to shut up the avc messages. IS there any to stop logrotate from generating those AVC messages other then adding the allow rule above?
Best Regards. Luciano