Bug 479131
| Summary: | SELinux is preventing perl (logwatch_t) "write" to ./dmeventd_syslogpattern.txt (etc_t). | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Tim Burke <tburke> |
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED DUPLICATE | QA Contact: | BaseOS QE <qe-baseos-auto> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 5.3 | ||
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-01-07 17:10:52 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 475562 *** |
Running RHEL5.3 circa about Dec 10. Got this selinux issue. Detailed DescriptionSELinux is preventing perl (logwatch_t) "write" to ./dmeventd_syslogpattern.txt (etc_t). The SELinux type etc_t, is a generic type for all files in the directory and very few processes (SELinux Domains) are allowed to write to this SELinux type. This type of denial usual indicates a mislabeled file. By default a file created in a directory has the gets the context of the parent directory, but SELinux policy has rules about the creation of directories, that say if a process running in one SELinux Domain (D1) creates a file in a directory with a particular SELinux File Context (F1) the file gets a different File Context (F2). The policy usually allows the SELinux Domain (D1) the ability to write, unlink, and append on (F2). But if for some reason a file (./dmeventd_syslogpattern.txt) was created with the wrong context, this domain will be denied. The usual solution to this problem is to reset the file context on the target file, restorecon -v './dmeventd_syslogpattern.txt'. If the file context does not change from etc_t, then this is probably a bug in policy. Additional InformationSource Context: system_u:system_r:logwatch_t:SystemLow-SystemHighTarget Context: user_u:object_r:etc_tTarget Objects: ./dmeventd_syslogpattern.txt [ file ]Source: perlSource Path: /usr/bin/perlPort: <Unknown>Host: dhcp-100-18-29.bos.redhat.comSource RPM Packages: perl-5.8.8-18.el5Target RPM Packages: Policy RPM: selinux-policy-2.4.6-197.el5Selinux Enabled: TruePolicy Type: targetedMLS Enabled: TrueEnforcing Mode: EnforcingPlugin Name: mislabeled_fileHost Name: dhcp-100-18-29.bos.redhat.comPlatform: Linux dhcp-100-18-29.bos.redhat.com 2.6.18-125.el5 #1 SMP Mon Dec 1 17:38:19 EST 2008 i686 i686Alert Count: 6 First Seen: Sat 13 Dec 2008 09:55:59 AM ESTLast Seen: Wed 07 Jan 2009 09:03:31 AM ESTLocal ID: 6b3256f7-190d-43a6-9d26-621c9d8b2117Line Numbers: Raw Audit Messages :host=dhcp-100-18-29.bos.redhat.com type=AVC msg=audit(1231337011.206:24): avc: denied { write } for pid=4461 comm="perl" name="dmeventd_syslogpattern.txt" dev=dm-1 ino=4259950 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=user_u:object_r:etc_t:s0 tclass=file host=dhcp-100-18-29.bos.redhat.com type=SYSCALL msg=audit(1231337011.206:24): arch=40000003 syscall=5 success=no exit=-13 a0=972b138 a1=8002 a2=0 a3=8002 items=0 ppid=4458 pid=4461 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="perl" exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null)