-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 03/24/2011 02:08 PM, Luciano Furtado wrote:
Hey Guys,
Any ideas why logrotate is trying to access /root as shown by the avc message bellow:
lrfurtado:~# ausearch -ts today
time->Thu Mar 24 06:25:45 2011 type=SYSCALL msg=audit(1300947945.464:26): arch=40000003 syscall=5 success=no exit=-13 a0=88404c0 a1=8000 a2=0 a3=8000 items=0 ppid=13192 pid=13193 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1300947945.464:26): avc: denied { search } for pid=13193 comm="logrotate" name="root" dev=xvda ino=401409 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:unconfined_home_dir_t:s0 tclass=dir
is this the issue described here :
https://bugzilla.redhat.com/show_bug.cgi?id=471463
For now I have added :
allow logrotate_t unconfined_home_dir_t:dir search;
to my local module to shut up the avc messages. IS there any to stop logrotate from generating those AVC messages other then adding the allow rule above?
Best Regards. Luciano
- -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
If you are using a standard Fedora selinux policy package the /root directory should be labeled admin_home_t not user_home_dir_t?
rpm -q selinux-policy