logwatch error messages

Daniel J Walsh dwalsh at redhat.com
Thu Jan 23 13:38:15 UTC 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/22/2014 11:07 PM, Robert Moskowitz wrote:
> I am seeing the following errors via "journalctl |grep logwatch":
> 
> Jan 22 03:37:14 lx120e.htt-consult.com setroubleshoot[11102]: dbus 
> avc(node=lx120e.htt-consult.com type=AVC msg=audit(1390390627.456:1007):
> avc: denied  { execute } for pid=11100 comm="logwatch" name="procmail"
> dev="sda3" ino=1187050
> scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 
> tcontext=system_u:object_r:procmail_exec_t:s0 tclass=file 
> node=lx120e.htt-consult.com type=SYSCALL msg=audit(1390390627.456:1007): 
> arch=c000003e syscall=59 success=no exit=-13 a0=d13ad0 a1=d13a50 a2=d137c0
> a3=8 items=0 ppid=11013 pid=11100 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 ses=16 tty=(none) comm="logwatch"
> exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023
> key=(null) Jan 22 03:37:14 lx120e.htt-consult.com setroubleshoot[11102]: 
> AuditRecordReceiver.add_record_to_cache(): node=lx120e.htt-consult.com
> type=AVC msg=audit(1390390627.456:1007): avc:  denied  { execute } for
> pid=11100 comm="logwatch" name="procmail" dev="sda3" ino=1187050 
> scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 
> tcontext=system_u:object_r:procmail_exec_t:s0 tclass=file Jan 22 03:37:14
> lx120e.htt-consult.com setroubleshoot[11102]: 
> AuditRecordReceiver.add_record_to_cache(): node=lx120e.htt-consult.com 
> type=SYSCALL msg=audit(1390390627.456:1007): arch=c000003e syscall=59
> success=no exit=-13 a0=d13ad0 a1=d13a50 a2=d137c0 a3=8 items=0 ppid=11013
> pid=11100 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
> ses=16 tty=(none) comm="logwatch" exe="/usr/bin/perl" 
> subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null) Jan 22 03:37:14
> lx120e.htt-consult.com setroubleshoot[11102]: analyze_avc() 
> avc=scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 
> tcontext=system_u:object_r:procmail_exec_t:s0 access=['execute']
> tclass=file tpath=procmail
> 
> 
> I had performed the following selinux policy:
> 
> On 01/06/2014 08:14 AM, Daniel J Walsh wrote:
>> 
>> Create a file mylogwatch.te with the following content.
>> 
>> policy_module(mylogwatch, 1.0) gen_require(` type logwatch_mail_t; ')
>> 
>> mta_filetrans_admin_home_content(logwatch_mail_t)
>> 
>> Now execute this command to compile the policy and load it into the
>> kernel
>> 
>> # make -f /usr/share/selinux/devel/Makefile # semodule -i mylogwatch.pp
>> 
>> Now you should be allowed to run logwatch_mail_t in enforcing mode.
>> 
> 
> What do these messages mean?
> 
> 
They mean that logwatch is not allowed to execute the procmail program.

You could add policy for it.

procmail_domtrans(logwatch_t)



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlLhG0cACgkQrlYvE4MpobP1gQCg1SkBm1tHzCGpLV89R+CdDq0f
/PMAn3UQmCO4ubKl2QonXSarQt/R6H9t
=/HFU
-----END PGP SIGNATURE-----

More information about the users mailing list