Bug 461624

Summary: auditd service won't start because of "Unable to open /sbin/audispd (Permission denied)"
Product: Red Hat Enterprise Linux 5
Reporter: Jay Turner <jturner>
Component: selinux-policy
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE
Severity: high
Priority: medium
Version: 5.3
CC: mmalik, sgrubb, srevivo, syeghiay
Target Milestone: beta
Keywords: Regression
Hardware: All
OS: Linux
Fixed In Version: 2.4.6-157.el5
Doc Type: Bug Fix
Last Closed: 2008-09-23 12:18:48 UTC

Description Jay Turner 2008-09-09 15:24:23 UTC
Description of problem:
I'm not able to start the auditd service because of:

Sep  9 11:12:41 haring kernel: type=1400 audit(1220973161.087:70): avc:  denied  { read } for  pid=4184 comm="auditd" name="audispd" dev=dm-0 ino=620352 scontext=user_u:system_r:auditd_t:s0 tcontext=system_u:object_r:audisp_exec_t:s0 tclass=file
Sep  9 11:12:41 haring auditd: Unable to open /sbin/audispd (Permission denied)

Version-Release number of selected component (if applicable):
# rpm -q audit kernel selinux-policy-targeted
audit-1.6.5-9.el5
kernel-2.6.18-109.el5
selinux-policy-targeted-2.4.6-152.el5

How reproducible:
Always

Steps to Reproduce:
1. 'service auditd start'
  
Actual results:
syslog:
Sep  9 11:12:41 haring kernel: type=1400 audit(1220973161.087:70): avc:  denied  { read } for  pid=4184 comm="auditd" name="audispd" dev=dm-0 ino=620352 scontext=user_u:system_r:auditd_t:s0 tcontext=system_u:object_r:audisp_exec_t:s0 tclass=file
Sep  9 11:12:41 haring auditd: Unable to open /sbin/audispd (Permission denied)
Sep  9 11:12:41 haring auditd: The audit daemon is exiting.


Expected results:


Additional info:
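
Added example, not part of the original report and not code from the audit or selinux-policy projects: a small Python parser that breaks the AVC denial quoted above into its fields and groups denials by source type, target type and object class, which is the usual first triage step for a denial like this one. The function names are hypothetical, and the rule text it returns only restates the denied access in type-enforcement syntax; the page does not show the policy change that shipped in the fixed package.

```python
import re
from collections import defaultdict

# Denial line copied verbatim from the syslog excerpt in the report above.
REPORT_LINE = (
    'Sep  9 11:12:41 haring kernel: type=1400 audit(1220973161.087:70): '
    'avc:  denied  { read } for  pid=4184 comm="auditd" name="audispd" '
    'dev=dm-0 ino=620352 scontext=user_u:system_r:auditd_t:s0 '
    'tcontext=system_u:object_r:audisp_exec_t:s0 tclass=file')

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_context(ctx):
    """Split user:role:type[:level]; an MLS level may itself contain colons."""
    return dict(zip(("user", "role", "type", "level"), ctx.split(":", 3)))

def parse_avc(line):
    """Return the fields of one AVC message, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
    if not fields.keys() >= {"scontext", "tcontext", "tclass"}:
        return None  # truncated or malformed record
    src, tgt = parse_context(fields["scontext"]), parse_context(fields["tcontext"])
    if "type" not in src or "type" not in tgt:
        return None  # context without a type component
    fields.update(result=m.group(1), perms=m.group(2).split(), source=src, target=tgt)
    return fields

def denied_access(lines):
    """Group denials by (source type, target type, class); one rule-style line each."""
    grouped = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec and rec["result"] == "denied":
            key = (rec["source"]["type"], rec["target"]["type"], rec["tclass"])
            grouped[key].update(rec["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return rules

if __name__ == "__main__":
    print("\n".join(denied_access([REPORT_LINE])))
```

Review any rule text produced this way against the intended policy before acting on it; it describes what was blocked, not what should be permitted.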

Comment 2 Steve Grubb 2008-09-11 15:33:17 UTC
This looks like a policy bug. Transferring to selinux-policy.

Comment 3 Daniel Walsh 2008-09-11 17:41:56 UTC
Fixed in /selinux-policy-2.4.6-155.el5

Comment 4 Jay Turner 2008-09-12 00:13:09 UTC
-155.el5 build failed

Comment 5 Jay Turner 2008-09-16 13:22:35 UTC
Moving back to assigned so the bug doesn't fall off the radar.

Comment 6 Jay Turner 2008-09-16 18:21:03 UTC
Fix confirmed with -157.el5.  Will close out once that package appears in a 5.3-candidate compose.

Comment 7 Jay Turner 2008-09-23 12:18:48 UTC
2.4.6-158.el5 included in beta-candidate trees (20080919.1 for Server and 20080919.2 for Client)