logwatch avcs

Tom London selinux at gmail.com
Fri Jan 13 15:59:33 UTC 2006


Running latest rawhide (selinux-policy-targeted-2.1.9-2), targeted/enforcing.

Should sbin_t:lnk_file be included in corecmd_read_sbin_file(), ....?


type=PATH msg=audit(01/13/2006 07:39:38.361:43) : item=0 name=/selinux
flags=follow inode=327 dev=00:0d mode=dir,755 ouid=root ogid=root
rdev=00:00
type=CWD msg=audit(01/13/2006 07:39:38.361:43) :  cwd=/
type=AVC_PATH msg=audit(01/13/2006 07:39:38.361:43) :  path=/selinux
type=SYSCALL msg=audit(01/13/2006 07:39:38.361:43) : arch=i386
syscall=stat64 success=no exit=-13(Permission denied) a0=8afdf68
a1=8aa20c8 a2=ae8ff4 a3=8afdf68 items=1 pid=3926
auid=unknown(4294967295) uid=root gid=root euid=root suid=root
fsuid=root egid=root sgid=root fsgid=root comm=perl exe=/usr/bin/perl
type=AVC msg=audit(01/13/2006 07:39:38.361:43) : avc:  denied  {
getattr } for pid=3926 comm=perl name=/ dev=selinuxfs ino=327
scontext=system_u:system_r:logwatch_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=dir
----
type=PATH msg=audit(01/13/2006 07:39:40.729:44) : item=0
name=/usr/sbin/ntpd flags=follow inode=135413 dev=fd:00 mode=file,755
ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/13/2006 07:39:40.729:44) :  cwd=/
type=AVC_PATH msg=audit(01/13/2006 07:39:40.729:44) :  path=/usr/sbin/ntpd
type=SYSCALL msg=audit(01/13/2006 07:39:40.729:44) : arch=i386
syscall=stat64 success=no exit=-13(Permission denied) a0=9c7bf68
a1=9c200c8 a2=ae8ff4 a3=9c7bf68 items=1 pid=4198
auid=unknown(4294967295) uid=root gid=root euid=root suid=root
fsuid=root egid=root sgid=root fsgid=root comm=perl exe=/usr/bin/perl
type=AVC msg=audit(01/13/2006 07:39:40.729:44) : avc:  denied  {
getattr } for pid=4198 comm=perl name=ntpd dev=dm-0 ino=135413
scontext=system_u:system_r:logwatch_t:s0
tcontext=system_u:object_r:ntpd_exec_t:s0 tclass=file
----
type=PATH msg=audit(01/13/2006 07:39:41.081:45) : item=0
name=/usr/sbin/sendmail flags=follow,open inode=130890 dev=fd:00
mode=dir,755 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/13/2006 07:39:41.081:45) :  cwd=/
type=SYSCALL msg=audit(01/13/2006 07:39:41.081:45) : arch=i386
syscall=execve success=no exit=-13(Permission denied) a0=8057d63
a1=87d3604 a2=bfa400c8 a3=87d3604 items=1 pid=4213
auid=unknown(4294967295) uid=root gid=root euid=root suid=root
fsuid=root egid=root sgid=root fsgid=root comm=mail exe=/bin/mail
type=AVC msg=audit(01/13/2006 07:39:41.081:45) : avc:  denied  { read
} for  pid=4213 comm=mail name=sendmail dev=dm-0 ino=138949
scontext=system_u:system_r:logwatch_t:s0
tcontext=system_u:object_r:sbin_t:s0 tclass=lnk_file

--
Tom London
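
An added example, not part of the original post: a small triage script that rejoins mail-wrapped audit records like the ones quoted above and reduces each AVC denial to its source type, target type, class and permissions, printed in TE allow-rule syntax as candidates for policy review. The function names and the embedded sample (copied from two of the records above) are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: two AVC records from the post, still mail-wrapped.
SAMPLE = """\
type=AVC msg=audit(01/13/2006 07:39:38.361:43) : avc:  denied  {
getattr } for pid=3926 comm=perl name=/ dev=selinuxfs ino=327
scontext=system_u:system_r:logwatch_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=dir
----
type=CWD msg=audit(01/13/2006 07:39:41.081:45) :  cwd=/
type=AVC msg=audit(01/13/2006 07:39:41.081:45) : avc:  denied  { read
} for  pid=4213 comm=mail name=sendmail dev=dm-0 ino=138949
scontext=system_u:system_r:logwatch_t:s0
tcontext=system_u:object_r:sbin_t:s0 tclass=lnk_file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")
KV_RE = re.compile(r"(\w+)=(\S+)")

def unwrap(text):
    """Rejoin wrapped records; one starts at 'type=' and ends at the next or at '--'."""
    records, cur = [], []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("type=") or line.startswith("--"):
            if cur:
                records.append(" ".join(cur))
            cur = [] if line.startswith("--") else [line]
        elif cur and line:
            cur.append(line)
    return records + ([" ".join(cur)] if cur else [])

def denials(text):
    """Return (source_type, target_type, tclass, perms, comm) per AVC denial."""
    out = []
    for m in filter(None, map(AVC_RE.search, unwrap(text))):
        kv = dict(KV_RE.findall(m.group(2)))
        # A context is user:role:type[:level]; the type is the third field.
        stype, ttype = (kv[k].split(":")[2] for k in ("scontext", "tcontext"))
        out.append((stype, ttype, kv["tclass"], tuple(m.group(1).split()), kv["comm"]))
    return out

def summarize(text):
    """Merge permissions per (source, target, class) into candidate allow rules."""
    merged = defaultdict(set)
    for s, t, c, perms, _ in denials(text):
        merged[(s, t, c)].update(perms)
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(p)))
            for (s, t, c), p in sorted(merged.items())]
```

Calling `summarize(SAMPLE)` returns one line per (source, target, class) triple, which makes it easy to see which target types and classes a domain such as logwatch_t is being denied before deciding where in policy a change belongs.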



