SELinux is preventing accounts-daemon from read access on the directory /var/log
Cristian Sava
csava at central.ucv.ro
Fri Jun 14 15:15:37 UTC 2013
On any F19 x64 Gnome we get:
SELinux is preventing accounts-daemon from read access on the
directory /var/log.
***** Plugin catchall (100. confidence) suggests
***************************
If you believe that accounts-daemon should be allowed read access on the
log directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep accounts-daemon /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:accountsd_t:s0
Target Context system_u:object_r:var_log_t:s0
Target Objects /var/log [ dir ]
Source accounts-daemon
Source Path accounts-daemon
Port <Unknown>
Host s198.central.ucv.ro
Source RPM Packages accountsservice-0.6.34-1.fc19.x86_64
Target RPM Packages filesystem-3.2-10.fc19.x86_64
Policy RPM selinux-policy-3.12.1-48.fc19.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name s198.central.ucv.ro
Platform Linux s198.central.ucv.ro
3.9.5-301.fc19.x86_64 #1
SMP Tue Jun 11 19:39:38 UTC 2013 x86_64
x86_64
Alert Count 9303
First Seen 2013-06-14 07:41:29 EEST
Last Seen 2013-06-14 18:10:33 EEST
Local ID 0f10e959-1983-410a-80b4-9eb06538e467
Raw Audit Messages
type=AVC msg=audit(1371222633.229:4335): avc: denied { read } for
pid=432 comm="accounts-daemon" name="log" dev="dm-1" ino=1179686
scontext=system_u:system_r:accountsd_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=dir
type=SYSCALL msg=audit(1371222633.229:4335): arch=x86_64
syscall=inotify_add_watch success=no exit=EACCES a0=8 a1=7f00d27c5d10
a2=1002fce a3=0 items=0 ppid=1 pid=432 auid=4294967295 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none)
comm=accounts-daemon exe=/usr/libexec/accounts-daemon
subj=system_u:system_r:accountsd_t:s0 key=(null)
Hash: accounts-daemon,accountsd_t,var_log_t,dir,read
Cristian Sava
More information about the test
mailing list