SELinux is preventing accounts-daemon from read access on the directory /var/log

Cristian Sava csava at central.ucv.ro
Fri Jun 14 15:15:37 UTC 2013 

On any F19 x64 Gnome we get:

SELinux is preventing accounts-daemon from read access on the
directory /var/log.

*****  Plugin catchall (100. confidence) suggests
***************************

If you believe that accounts-daemon should be allowed read access on the
log directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep accounts-daemon /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:accountsd_t:s0
Target Context                system_u:object_r:var_log_t:s0
Target Objects                /var/log [ dir ]
Source                        accounts-daemon
Source Path                   accounts-daemon
Port                          <Unknown>
Host                          s198.central.ucv.ro
Source RPM Packages           accountsservice-0.6.34-1.fc19.x86_64
Target RPM Packages           filesystem-3.2-10.fc19.x86_64
Policy RPM                    selinux-policy-3.12.1-48.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     s198.central.ucv.ro
Platform                      Linux s198.central.ucv.ro
3.9.5-301.fc19.x86_64 #1
                              SMP Tue Jun 11 19:39:38 UTC 2013 x86_64
x86_64
Alert Count                   9303
First Seen                    2013-06-14 07:41:29 EEST
Last Seen                     2013-06-14 18:10:33 EEST
Local ID                      0f10e959-1983-410a-80b4-9eb06538e467

Raw Audit Messages
type=AVC msg=audit(1371222633.229:4335): avc:  denied  { read } for
pid=432 comm="accounts-daemon" name="log" dev="dm-1" ino=1179686
scontext=system_u:system_r:accountsd_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=dir


type=SYSCALL msg=audit(1371222633.229:4335): arch=x86_64
syscall=inotify_add_watch success=no exit=EACCES a0=8 a1=7f00d27c5d10
a2=1002fce a3=0 items=0 ppid=1 pid=432 auid=4294967295 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none)
comm=accounts-daemon exe=/usr/libexec/accounts-daemon
subj=system_u:system_r:accountsd_t:s0 key=(null)

Hash: accounts-daemon,accountsd_t,var_log_t,dir,read

Cristian Sava

More information about the test mailing list