Bug 438698
Summary: | SELinux is preventing sh (logrotate_t) "getattr" to /var/lock/subsys/cobblerd (var_lock_t) | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Martin Tack <martin.tack> | ||||
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> | ||||
Status: | CLOSED WORKSFORME | QA Contact: | Ben Levenson <benl> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 8 | ||||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | x86_64 | ||||||
OS: | Linux | ||||||
URL: | Report from setroubleshoot browser | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-03-29 10:59:57 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Martin Tack
2008-03-24 15:59:56 UTC
Created attachment 298901 [details]
setroubleshoot report
I have no idea why this would happen. Logrotate is supposed to transition when it executes an init script. Cobbler provides a logrotate script that does /etc/init.d/cobblerd condrestart cobblerd should be labeled initrc_exec_t and should have transitioned correctly. Could you make sure of the label on cobblerd # ls -lZ /etc/rc.d/init.d/cobblerd -rwxr-xr-x root root system_u:object_r:initrc_exec_t:s0 /etc/rc.d/init.d/cobblerd [maurice@eerste ~]$ su -c 'ls -lZ /etc/rc.d/init.d/cobblerd' Wachtwoord: -rwxr-xr-x root root system_u:object_r:initrc_exec_t:s0 /etc/rc.d/init.d/cobblerd [maurice@eerste ~]$ That seems to be, meanwhile I had a kind of attack, when using Firefox 2.0.0.12 2 GB ram and 2,4 GB swap and duo core 3,4 Ghz went crazy. Only way to stop it; pull the plug. With the latest updates (26mrt) I think this is solved (I have read the change logs carefully :) But for now I'm not sure if those cosed also the first problem. I'll give notice of events, thanks again Martin Tack |