Bug 500768
| Summary: | SELinux is preventing readahead_t (read|open|getattr) auditd_etc_t | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Allen Kistler <ackistler> | ||||||
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> | ||||||
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | low | ||||||||
| Version: | rawhide | CC: | dwalsh, jkubin, mgrepl | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2009-05-29 01:36:26 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Fixed in selinux-policy-3.6.12-36.fc11.noarch Created attachment 344314 [details] setroublshooter denial report early.sorted (In reply to comment #1) > Fixed in selinux-policy-3.6.12-36.fc11.noarch I'm on selinux-policy-3.6.12-34 and saw these two, but I'm not sure if they are exactly the same as the reporter Created attachment 344315 [details]
setroublshooter denial report later.sorted
David: early.sorted on my system is in /var/lib/readahead and has context readahead_var_lib_t, not etc_t, which is what sealert is trying to tell you when it says You can attempt to fix file context by executing restorecon -v early.sorted Ditto later.sorted. Somehow your contexts got messed up. restorecon is your friend. HTH Tested against selinux-policy-3.6.12-39. Verified that all those events are now "dontaudit" Closing ... |
Description of problem: A few denials in audit.log. They occurred coincident with a log rotation initiated by anacron, even though audit.log didn't get rotated itself. Version-Release number of selected component (if applicable): selinux-policy-3.6.12-34 How reproducible: Sometimes (?) Steps to Reproduce: 1. boot 2. look in audit.log Actual results: AVC denials (see below) Expected results: No AVC denials Additional info: I haven't succeeded in reproducing the denials, even though audit2why says there's not an enforcement rule to allow the actions. Nevertheless, here they are. node=ack607 type=AVC msg=audit(1242260032.181:24): avc: denied { read } for pid=8345 comm="readahead" name="auditd.conf" dev=dm-7 ino=41387 scontext=system_u:system_r:readahead_t:s0-s0:c0.c1023 tcontext=system_u:object_r:auditd_etc_t:s0 tclass=file node=ack607 type=AVC msg=audit(1242260032.181:24): avc: denied { open } for pid=8345 comm="readahead" name="auditd.conf" dev=dm-7 ino=41387 scontext=system_u:system_r:readahead_t:s0-s0:c0.c1023 tcontext=system_u:object_r:auditd_etc_t:s0 tclass=file node=ack607 type=AVC msg=audit(1242260032.188:25): avc: denied { getattr } for pid=8345 comm="readahead" path="/etc/audit/auditd.conf" dev=dm-7 ino=41387 scontext=system_u:system_r:readahead_t:s0-s0:c0.c1023 tcontext=system_u:object_r:auditd_etc_t:s0 tclass=file