On Thu, 2010-04-08 at 17:24 +0200, Dominick Grift wrote:
> When I switched back to /var/log/ I forgot to redo the
> restorecon.
> Sorry. Is that the reason?
May well be, yes.
See if you can reproduce.
Also restorecon /etc/mlogc.conf
OK - With all that done, here are the latest AVCs:
Raw Audit Messages :
node=troodos.org.uk type=AVC msg=audit(1270740296.844:47355): avc: denied { dac_override }
for pid=10883 comm="mlogc" capability=1
scontext=unconfined_u:system_r:mlogc_t:s0 tcontext=unconfined_u:system_r:mlogc_t:s0
tclass=capability
node=troodos.org.uk type=SYSCALL msg=audit(1270740296.844:47355): arch=40000003 syscall=5
success=yes exit=6 a0=b772f170 a1=82c1 a2=1b6 a3=856 items=0 ppid=10852 pid=10883
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc"
subj=unconfined_u:system_r:mlogc_t:s0 key=(null)
Raw Audit Messages :
node=troodos.org.uk type=AVC msg=audit(1270740436.982:47360): avc: denied { unix_write }
for pid=10883 comm="mlogc" key=0 scontext=unconfined_u:system_r:mlogc_t:s0
tcontext=unconfined_u:system_r:mlogc_t:s0 tclass=sem
node=troodos.org.uk type=AVC msg=audit(1270740436.982:47360): avc: denied { read write }
for pid=10883 comm="mlogc" key=0 scontext=unconfined_u:system_r:mlogc_t:s0
tcontext=unconfined_u:system_r:mlogc_t:s0 tclass=sem
node=troodos.org.uk type=SYSCALL msg=audit(1270740436.982:47360): arch=40000003
syscall=117 success=yes exit=0 a0=1 a1=698012 a2=1 a3=0 items=0 ppid=10852 pid=10883
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc"
subj=unconfined_u:system_r:mlogc_t:s0 key=(null)
Raw Audit Messages :
node=troodos.org.uk type=AVC msg=audit(1270740436.982:47360): avc: denied { unix_write }
for pid=10883 comm="mlogc" key=0 scontext=unconfined_u:system_r:mlogc_t:s0
tcontext=unconfined_u:system_r:mlogc_t:s0 tclass=sem
node=troodos.org.uk type=AVC msg=audit(1270740436.982:47360): avc: denied { read write }
for pid=10883 comm="mlogc" key=0 scontext=unconfined_u:system_r:mlogc_t:s0
tcontext=unconfined_u:system_r:mlogc_t:s0 tclass=sem
node=troodos.org.uk type=SYSCALL msg=audit(1270740436.982:47360): arch=40000003
syscall=117 success=yes exit=0 a0=1 a1=698012 a2=1 a3=0 items=0 ppid=10852 pid=10883
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc"
subj=unconfined_u:system_r:mlogc_t:s0 key=(null)
Raw Audit Messages :
node=troodos.org.uk type=AVC msg=audit(1270740627.436:47371): avc: denied { write } for
pid=10876 comm="httpd" name="20100408" dev=sda5 ino=492622
scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mlogc_var_log_t:s0
tclass=dir
node=troodos.org.uk type=AVC msg=audit(1270740627.436:47371): avc: denied { add_name } for
pid=10876 comm="httpd" name="20100408-1630"
scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mlogc_var_log_t:s0
tclass=dir
node=troodos.org.uk type=AVC msg=audit(1270740627.436:47371): avc: denied { create } for
pid=10876 comm="httpd" name="20100408-1630"
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:mlogc_var_log_t:s0 tclass=dir
node=troodos.org.uk type=SYSCALL msg=audit(1270740627.436:47371): arch=40000003 syscall=39
success=yes exit=0 a0=2d01a18 a1=1e8 a2=84a1e4 a3=2d019c0 items=0 ppid=10852 pid=10876
auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none)
ses=4294967295 comm="httpd" exe="/usr/sbin/httpd"
subj=unconfined_u:system_r:httpd_t:s0 key=(null)
Raw Audit Messages :
node=troodos.org.uk type=AVC msg=audit(1270740627.436:47371): avc: denied { write } for
pid=10876 comm="httpd" name="20100408" dev=sda5 ino=492622
scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mlogc_var_log_t:s0
tclass=dir
node=troodos.org.uk type=AVC msg=audit(1270740627.436:47371): avc: denied { add_name } for
pid=10876 comm="httpd" name="20100408-1630"
scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mlogc_var_log_t:s0
tclass=dir
node=troodos.org.uk type=AVC msg=audit(1270740627.436:47371): avc: denied { create } for
pid=10876 comm="httpd" name="20100408-1630"
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:mlogc_var_log_t:s0 tclass=dir
node=troodos.org.uk type=SYSCALL msg=audit(1270740627.436:47371): arch=40000003 syscall=39
success=yes exit=0 a0=2d01a18 a1=1e8 a2=84a1e4 a3=2d019c0 items=0 ppid=10852 pid=10876
auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none)
ses=4294967295 comm="httpd" exe="/usr/sbin/httpd"
subj=unconfined_u:system_r:httpd_t:s0 key=(null)
Raw Audit Messages :
node=troodos.org.uk type=AVC msg=audit(1270740627.436:47371): avc: denied { write } for
pid=10876 comm="httpd" name="20100408" dev=sda5 ino=492622
scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mlogc_var_log_t:s0
tclass=dir
node=troodos.org.uk type=AVC msg=audit(1270740627.436:47371): avc: denied { add_name } for
pid=10876 comm="httpd" name="20100408-1630"
scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mlogc_var_log_t:s0
tclass=dir
node=troodos.org.uk type=AVC msg=audit(1270740627.436:47371): avc: denied { create } for
pid=10876 comm="httpd" name="20100408-1630"
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:mlogc_var_log_t:s0 tclass=dir
node=troodos.org.uk type=SYSCALL msg=audit(1270740627.436:47371): arch=40000003 syscall=39
success=yes exit=0 a0=2d01a18 a1=1e8 a2=84a1e4 a3=2d019c0 items=0 ppid=10852 pid=10876
auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none)
ses=4294967295 comm="httpd" exe="/usr/sbin/httpd"
subj=unconfined_u:system_r:httpd_t:s0 key=(null)
Raw Audit Messages :
node=troodos.org.uk type=AVC msg=audit(1270740627.461:47372): avc: denied { write } for
pid=10876 comm="httpd" name="20100408-1630" dev=sda5 ino=496009
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:mlogc_var_log_t:s0 tclass=dir
node=troodos.org.uk type=AVC msg=audit(1270740627.461:47372): avc: denied { add_name } for
pid=10876 comm="httpd" name="20100408-163027-S732jFIrkOUAACp8YkEAAAAB"
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:mlogc_var_log_t:s0 tclass=dir
node=troodos.org.uk type=AVC msg=audit(1270740627.461:47372): avc: denied { create } for
pid=10876 comm="httpd" name="20100408-163027-S732jFIrkOUAACp8YkEAAAAB"
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:mlogc_var_log_t:s0 tclass=file
node=troodos.org.uk type=AVC msg=audit(1270740627.461:47372): avc: denied { write } for
pid=10876 comm="httpd" name="20100408-163027-S732jFIrkOUAACp8YkEAAAAB"
dev=sda5 ino=496011 scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:mlogc_var_log_t:s0 tclass=file
node=troodos.org.uk type=SYSCALL msg=audit(1270740627.461:47372): arch=40000003 syscall=5
success=yes exit=19 a0=2d019c0 a1=8241 a2=1a0 a3=836 items=0 ppid=10852 pid=10876
auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none)
ses=4294967295 comm="httpd" exe="/usr/sbin/httpd"
subj=unconfined_u:system_r:httpd_t:s0 key=(null)
Raw Audit Messages :
node=troodos.org.uk type=AVC msg=audit(1270740627.461:47372): avc: denied { write } for
pid=10876 comm="httpd" name="20100408-1630" dev=sda5 ino=496009
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:mlogc_var_log_t:s0 tclass=dir
node=troodos.org.uk type=AVC msg=audit(1270740627.461:47372): avc: denied { add_name } for
pid=10876 comm="httpd" name="20100408-163027-S732jFIrkOUAACp8YkEAAAAB"
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:mlogc_var_log_t:s0 tclass=dir
node=troodos.org.uk type=AVC msg=audit(1270740627.461:47372): avc: denied { create } for
pid=10876 comm="httpd" name="20100408-163027-S732jFIrkOUAACp8YkEAAAAB"
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:mlogc_var_log_t:s0 tclass=file
node=troodos.org.uk type=AVC msg=audit(1270740627.461:47372): avc: denied { write } for
pid=10876 comm="httpd" name="20100408-163027-S732jFIrkOUAACp8YkEAAAAB"
dev=sda5 ino=496011 scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:mlogc_var_log_t:s0 tclass=file
node=troodos.org.uk type=SYSCALL msg=audit(1270740627.461:47372): arch=40000003 syscall=5
success=yes exit=19 a0=2d019c0 a1=8241 a2=1a0 a3=836 items=0 ppid=10852 pid=10876
auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none)
ses=4294967295 comm="httpd" exe="/usr/sbin/httpd"
subj=unconfined_u:system_r:httpd_t:s0 key=(null)
Raw Audit Messages :
node=troodos.org.uk type=AVC msg=audit(1270740627.461:47372): avc: denied { write } for
pid=10876 comm="httpd" name="20100408-1630" dev=sda5 ino=496009
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:mlogc_var_log_t:s0 tclass=dir
node=troodos.org.uk type=AVC msg=audit(1270740627.461:47372): avc: denied { add_name } for
pid=10876 comm="httpd" name="20100408-163027-S732jFIrkOUAACp8YkEAAAAB"
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:mlogc_var_log_t:s0 tclass=dir
node=troodos.org.uk type=AVC msg=audit(1270740627.461:47372): avc: denied { create } for
pid=10876 comm="httpd" name="20100408-163027-S732jFIrkOUAACp8YkEAAAAB"
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:mlogc_var_log_t:s0 tclass=file
node=troodos.org.uk type=AVC msg=audit(1270740627.461:47372): avc: denied { write } for
pid=10876 comm="httpd" name="20100408-163027-S732jFIrkOUAACp8YkEAAAAB"
dev=sda5 ino=496011 scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:mlogc_var_log_t:s0 tclass=file
node=troodos.org.uk type=SYSCALL msg=audit(1270740627.461:47372): arch=40000003 syscall=5
success=yes exit=19 a0=2d019c0 a1=8241 a2=1a0 a3=836 items=0 ppid=10852 pid=10876
auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none)
ses=4294967295 comm="httpd" exe="/usr/sbin/httpd"
subj=unconfined_u:system_r:httpd_t:s0 key=(null)
Raw Audit Messages :
node=troodos.org.uk type=AVC msg=audit(1270740627.461:47372): avc: denied { write } for
pid=10876 comm="httpd" name="20100408-1630" dev=sda5 ino=496009
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:mlogc_var_log_t:s0 tclass=dir
node=troodos.org.uk type=AVC msg=audit(1270740627.461:47372): avc: denied { add_name } for
pid=10876 comm="httpd" name="20100408-163027-S732jFIrkOUAACp8YkEAAAAB"
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:mlogc_var_log_t:s0 tclass=dir
node=troodos.org.uk type=AVC msg=audit(1270740627.461:47372): avc: denied { create } for
pid=10876 comm="httpd" name="20100408-163027-S732jFIrkOUAACp8YkEAAAAB"
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:mlogc_var_log_t:s0 tclass=file
node=troodos.org.uk type=AVC msg=audit(1270740627.461:47372): avc: denied { write } for
pid=10876 comm="httpd" name="20100408-163027-S732jFIrkOUAACp8YkEAAAAB"
dev=sda5 ino=496011 scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:mlogc_var_log_t:s0 tclass=file
node=troodos.org.uk type=SYSCALL msg=audit(1270740627.461:47372): arch=40000003 syscall=5
success=yes exit=19 a0=2d019c0 a1=8241 a2=1a0 a3=836 items=0 ppid=10852 pid=10876
auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none)
ses=4294967295 comm="httpd" exe="/usr/sbin/httpd"
subj=unconfined_u:system_r:httpd_t:s0 key=(null)
# ausearch -m AVC -ts recent | audit2allow -R
# audit2allow output for the AVC denials quoted above: the rules that would
# permit exactly what was denied. A generated rule records what was denied,
# not whether it should be allowed, so review each one before loading it.
# NOTE(review): every SYSCALL record above shows success=yes, so the denials
# were logged but not enforced; this looks like permissive mode, confirm.
require {
type mlogc_var_log_t;
type mlogc_t;
type httpd_t;
class capability dac_override;
class sem { read write unix_write };
class dir { write create add_name };
class file { write create };
}
#============= httpd_t ==============
# From the comm="httpd" denials: httpd (uid=48) creating the 20100408-1630
# directory and a file inside it, under directories labelled mlogc_var_log_t.
# NOTE(review): this lets the web server domain create and write content in
# the mlogc log tree; confirm that httpd is meant to write there.
allow httpd_t mlogc_var_log_t:dir { write create add_name };
allow httpd_t mlogc_var_log_t:file { write create };
#============= mlogc_t ==============
# NOTE(review): dac_override lets the process bypass file ownership and mode
# checks. The denial was logged for mlogc running as uid=0 on syscall=5
# (presumably open() on this i386 host); check the owner and mode of the file
# it opens first, since fixing those is narrower than granting the capability.
allow mlogc_t self:capability dac_override;
# From the tclass=sem denials: mlogc using a semaphore labelled with its own
# domain (scontext and tcontext are both mlogc_t).
allow mlogc_t self:sem { read write unix_write };
[root@troodos mlogc]# restorecon /etc/mlogc.conf