logwatch error messages

Robert Moskowitz rgm at htt-consult.com
Thu Jan 23 04:07:02 UTC 2014


I am seeing the following errors via "journalctl |grep logwatch":

Jan 22 03:37:14 lx120e.htt-consult.com setroubleshoot[11102]: dbus 
avc(node=lx120e.htt-consult.com type=AVC msg=audit(1390390627.456:1007): 
avc:  denied  { execute } for pid=11100 comm="logwatch" name="procmail" 
dev="sda3" ino=1187050 
scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:procmail_exec_t:s0 tclass=file
node=lx120e.htt-consult.com type=SYSCALL msg=audit(1390390627.456:1007): 
arch=c000003e syscall=59 success=no exit=-13 a0=d13ad0 a1=d13a50 
a2=d137c0 a3=8 items=0 ppid=11013 pid=11100 auid=0 uid=0 gid=0 euid=0 
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=16 tty=(none) comm="logwatch" 
exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 
key=(null)
Jan 22 03:37:14 lx120e.htt-consult.com setroubleshoot[11102]: 
AuditRecordReceiver.add_record_to_cache(): node=lx120e.htt-consult.com 
type=AVC msg=audit(1390390627.456:1007): avc:  denied  { execute } for  
pid=11100 comm="logwatch" name="procmail" dev="sda3" ino=1187050 
scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:procmail_exec_t:s0 tclass=file
Jan 22 03:37:14 lx120e.htt-consult.com setroubleshoot[11102]: 
AuditRecordReceiver.add_record_to_cache(): node=lx120e.htt-consult.com 
type=SYSCALL msg=audit(1390390627.456:1007): arch=c000003e syscall=59 
success=no exit=-13 a0=d13ad0 a1=d13a50 a2=d137c0 a3=8 items=0 
ppid=11013 pid=11100 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 
sgid=0 fsgid=0 ses=16 tty=(none) comm="logwatch" exe="/usr/bin/perl" 
subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null)
Jan 22 03:37:14 lx120e.htt-consult.com setroubleshoot[11102]: 
analyze_avc() avc=scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:procmail_exec_t:s0 access=['execute'] 
tclass=file tpath=procmail


I had performed the following SELinux policy:

On 01/06/2014 08:14 AM, Daniel J Walsh wrote:
>
> Create a file mylogwatch.te with the following content.
>
> policy_module(mylogwatch, 1.0)
> gen_require(`
>      type logwatch_mail_t;
> ')
>
> mta_filetrans_admin_home_content(logwatch_mail_t)
>
> Now execute this command to compile the policy and load it into the kernel:
>
> # make -f /usr/share/selinux/devel/Makefile
> # semodule -i mylogwatch.pp
>
> Now you should be allowed to run logwatch_mail_t in enforcing mode.
>

What do these messages mean?
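
An added example, not part of the original post: a small Python parser that splits the AVC and SYSCALL records quoted above into their fields and pairs them by audit event ID. The record text is rejoined from the post (SYSCALL record abridged), the function names are hypothetical, and the reading of syscall 59 on arch c000003e as execve and exit -13 as EACCES is standard x86_64 Linux numbering rather than something stated in the post.

```python
import re

# Constructed sample: records from the post, rejoined onto single lines (SYSCALL abridged).
AVC = ('type=AVC msg=audit(1390390627.456:1007): avc:  denied  { execute } for '
       'pid=11100 comm="logwatch" name="procmail" dev="sda3" ino=1187050 '
       'scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 '
       'tcontext=system_u:object_r:procmail_exec_t:s0 tclass=file')
SYSCALL = ('type=SYSCALL msg=audit(1390390627.456:1007): arch=c000003e syscall=59 '
           'success=no exit=-13 ppid=11013 pid=11100 auid=0 uid=0 comm="logwatch" '
           'exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023')

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
EVENT = re.compile(r'msg=audit\((\d+\.\d+):(\d+)\)')
AVC_HEAD = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}')

def fields(record):
    """Return the key=value pairs of one audit record, quotes stripped."""
    return {k: v.strip('"') for k, v in KV.findall(record)}

def event_id(record):
    """Return (timestamp, serial); records of one event share this pair."""
    m = EVENT.search(record)
    return m.groups() if m else None

def se_type(context):
    """The type is the third field of user:role:type:level."""
    return context.split(':')[2]

def explain(avc, syscall=None):
    head = AVC_HEAD.search(avc)
    if head is None:
        raise ValueError('not an AVC record')
    f = fields(avc)
    out = {'result': head.group(1), 'perms': head.group(2).split(),
           'source_type': se_type(f['scontext']),
           'target_type': se_type(f['tcontext']),
           'tclass': f['tclass'], 'target_name': f.get('name'),
           'comm': f.get('comm')}
    if syscall and event_id(syscall) == event_id(avc):
        s = fields(syscall)
        out['exe'] = s.get('exe')
        is_execve = (s.get('arch'), s.get('syscall')) == ('c000003e', '59')
        out['syscall'] = 'execve' if is_execve else s.get('syscall')
        out['errno'] = 'EACCES' if s.get('exit') == '-13' else s.get('exit')
    return out

def summary(d):
    return (f"{d['comm']} ({d['source_type']}) was {d['result']} "
            f"{','.join(d['perms'])} on {d['tclass']} {d['target_name']} ({d['target_type']})")

print(summary(explain(AVC, SYSCALL)))
```

The source type in the parsed denial is `logwatch_t`, while the module quoted above names `logwatch_mail_t`.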
