AVCs from cron.daily (F9)

Paul Howarth paul at city-fan.org
Tue Jun 3 09:14:06 UTC 2008

On my work box, which is an up-to-date F9 install, I get a set of AVCs 
from cron.daily every day, which I don't get on my home boxes. I suspect 
it's because we use LDAP auth at work. It boils down to this when passed 
through audit2allow -R:

require {
	type logwatch_t;
	type locate_t;
	type tmpreaper_t;
	type logrotate_t;

#============= locate_t ==============

#============= logrotate_t ==============

#============= logwatch_t ==============

#============= tmpreaper_t ==============

Sample AVC:
time->Tue Jun  3 05:05:05 2008
type=SYSCALL msg=audit(1212465905.734:5714): arch=c000003e syscall=59 
success=yes exit=0 a0=25545d0 a1=2551360 a2=25539a0 a3=8 items=0 
ppid=12101 pid=12134 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 
sgid=0 fsgid=0 tty=(none) ses=605 comm="tmpwatch" 
subj=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1212465905.734:5714): avc:  denied  { read write } 
for  pid=12134 comm="tmpwatch" path="socket:[24785059]" dev=sockfs 
ino=24785059 scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 
tcontext=unconfined_u:system_r:crond_t:s0-s0:c0.c1023 tclass=tcp_socket


More information about the selinux mailing list