bloody links!
Mr Dash Four
mr.dash.four at googlemail.com
Thu Jul 1 22:53:42 UTC 2010
>> type=1400 audit(1277908958.656.4): avc: denied { read } for pid=906
>> comm="rsyslogd" name="log" dev=dm-0 ino=16386
>> scontext=system_u:system_r:syslogd_t:s0
>> tcontext=unconfined_u:object_r:var_t:s0 tclass=lnk_file
>>
>> There is a similar one with "mingetty" as well, but
>> scontext=system_u:system_r:getty_t:s0
>>
>
> This symlink is mislabeled. What/who created it? if you , yourself
> created it, then you may be able to make things work by labeling the
> symlink type bin_t or type var_log_t, provided that the source of the
> interaction (in this case syslogd_t and getty_t) have access to the
> target of the symlink.
>
Up until yesterday I used this on the real partition and it worked.
Today, after deploying a new version I am getting the same errors again
in addition to another (similar) error during console login:
===from dmesg as /var/log/messages does not exist as access is denied===
type=1400 audit(1278020473.778:4): avc: denied { read } for pid=914
comm="rsyslogd" name="log" dev=dm-0 ino=6188
scontext=system_u:system_r:syslogd_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=lnk_file
type=1400 audit(1278020487.171:22): avc: denied { read } for pid=1007
comm="mingetty" name="log" dev=dm-0 ino=6188
scontext=system_u:system_r:getty_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=lnk_file
type=1400 audit(1278020566.762:38): avc: denied { read } for pid=1007
comm="login" name="log" dev=dm-0 ino=6188
scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023
tcontext=system_u:object_r:var_log_t:s0 tclass=lnk_file
===================================================
here is the layout of the files/directories in question:
ls -lasZ /var
~~~~~~~~
lrwxrwxrwx. root root system_u:object_r:var_log_t:s0 log -> /apps/var/log
ls -lasZ /apps
~~~~~~~~~
drwx--x--x. root root system_u:object_r:var_t:s0 var
ls -lasZ /apps/var
~~~~~~~~~~~~
drwx--x--x. root root system_u:object_r:var_t:s0 .
drwxr-xr-x. root root system_u:object_r:default_t:s0 ..
drwxr-xr-x. root root system_u:object_r:var_log_t:s0 log
ls -lasZ /apps/var/log
~~~~~~~~~~~~~~
drwxr-xr-x. root root system_u:object_r:var_log_t:s0 .
drwx--x--x. root root system_u:object_r:var_t:s0 ..
-rw-r--r--. root root system_u:object_r:var_log_t:s0 dmesg
drwxr-x---. exim exim system_u:object_r:default_t:s0 exim
-rw-rw-r--. root utmp system_u:object_r:wtmp_t:s0 wtmp
What am I doing wrong?!
More information about the selinux
mailing list