logrotate accessing /root avc messages

Luciano Furtado lrfurtado at yahoo.com.br
Thu Mar 24 18:08:53 UTC 2011


Hey Guys,


Any ideas why logrotate is trying to access /root as shown by the avc
message below:

lrfurtado:~# ausearch -ts today
----
time->Thu Mar 24 06:25:45 2011
type=SYSCALL msg=audit(1300947945.464:26): arch=40000003 syscall=5
success=no exit=-13 a0=88404c0 a1=8000 a2=0 a3=8000 items=0 ppid=13192
pid=13193 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="logrotate"
exe="/usr/sbin/logrotate"
subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1300947945.464:26): avc:  denied  { search } for
pid=13193 comm="logrotate" name="root" dev=xvda ino=401409
scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:unconfined_home_dir_t:s0 tclass=dir



Is this the issue described here:

 https://bugzilla.redhat.com/show_bug.cgi?id=471463

For now I have added :

allow logrotate_t unconfined_home_dir_t:dir search;

to my local module to shut up the avc messages. Is there any way to stop
logrotate from generating those AVC messages other than adding the allow
rule above?


Best Regards.
Luciano

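How the allow rule in the message above follows from the fields of the AVC record, shown as an added example that is not part of the original post. The function names are hypothetical and the sample is the record from the post embedded as a constructed string; the same fields can also be rendered with the policy keyword dontaudit, which leaves the access denied but stops it from being logged.

```python
import re

# Constructed sample: the AVC record from the post, wrapped as ausearch printed it.
SAMPLE = """type=AVC msg=audit(1300947945.464:26): avc:  denied  { search } for
pid=13193 comm="logrotate" name="root" dev=xvda ino=401409
scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:unconfined_home_dir_t:s0 tclass=dir"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)", re.S)

def selinux_type(context):
    """Return the type (third field) of a user:role:type[:range] context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("not a security context: %r" % context)
    return parts[2]

def parse_avc(record):
    """Parse one AVC denial, possibly line-wrapped, into a dict of fields."""
    m = AVC_RE.search(record)
    if m is None:
        raise ValueError("no AVC denial in record")
    fields = {}
    # Simplification: assumes quoted values (comm, name) contain no spaces.
    for token in m.group(2).split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value.strip('"')
    for required in ("scontext", "tcontext", "tclass"):
        if required not in fields:
            raise ValueError("missing %s" % required)
    fields["perms"] = m.group(1).split()
    return fields

def render_rule(avc, keyword="allow"):
    """Render a policy rule for the denial; keyword is 'allow' or 'dontaudit'."""
    if keyword not in ("allow", "dontaudit"):
        raise ValueError("unsupported rule keyword")
    perms = avc["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ %s }" % " ".join(perms)
    return "%s %s %s:%s %s;" % (keyword, selinux_type(avc["scontext"]),
                                selinux_type(avc["tcontext"]), avc["tclass"], perm_text)

if __name__ == "__main__":
    avc = parse_avc(SAMPLE)
    print(render_rule(avc))               # the rule quoted in the post
    print(render_rule(avc, "dontaudit"))  # same denial, not logged
```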
