Bug 438698

Summary: SELinux is preventing sh (logrotate_t) "getattr" to /var/lock/subsys/cobblerd (var_lock_t)
Product: [Fedora] Fedora Reporter: Martin Tack <martin.tack>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED WORKSFORME QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: low    
Version: 8   
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
URL: Report from setroubleshoot browser
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-03-29 10:59:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
setroubleshoot report none

Description Martin Tack 2008-03-24 15:59:56 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; nl; rv:1.8.1.12) Gecko/20080208 Fedora/2.0.0.12-1.fc8 Firefox/2.0.0.12

Description of problem:
I'm not aware of a method to reproduce it, since it is a automated report.
Have tried the suggested in the report, it still comes now end then.

Filling a bug report is one of them :-)

yet, I haven't enough knowledge from the Selinux securities system, to do
whatever. 
I'm learning quickly, so I can contribute, but there are quite allot
of "things" to do.

Grateful for your attention

Martin Tack 

Flanders / Belgium
       

Version-Release number of selected component (if applicable):
selinux-policy-3.0.8-93.fc8

How reproducible:
Didn't try


Steps to Reproduce:
1.
2.
3.

Actual Results:


Expected Results:


Additional info:
in attachment the setroubleshout report

Comment 1 Martin Tack 2008-03-24 16:06:50 UTC
Created attachment 298901 [details]
setroubleshoot report

Comment 2 Daniel Walsh 2008-03-28 10:21:04 UTC
I have no idea why this would happen.  Logrotate is supposed to transition when
it executes an init script.  

Cobbler provides a logrotate script that does

/etc/init.d/cobblerd condrestart

cobblerd should be labeled initrc_exec_t and should have transitioned correctly.

Could you make sure of the label on cobblerd
# ls -lZ /etc/rc.d/init.d/cobblerd 
-rwxr-xr-x  root root system_u:object_r:initrc_exec_t:s0 /etc/rc.d/init.d/cobblerd


Comment 3 Martin Tack 2008-03-28 16:27:58 UTC
[maurice@eerste ~]$ su -c 'ls -lZ /etc/rc.d/init.d/cobblerd'
Wachtwoord: 
-rwxr-xr-x  root root system_u:object_r:initrc_exec_t:s0 /etc/rc.d/init.d/cobblerd
[maurice@eerste ~]$ 

That seems to be, 
meanwhile I had a kind of attack, when using Firefox 2.0.0.12
2 GB ram and 2,4 GB swap and duo core 3,4 Ghz went crazy.
Only way to stop it; pull the plug.

With the latest updates (26mrt) I think this is solved (I have read the change
logs carefully :)
But for now I'm not sure if those cosed also the first problem.
I'll give notice of events, thanks again    

 Martin Tack