Bug 653473
Summary: | AVC: denied { search } for pid=9429 comm="rsyslogd" name="spool" | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ruben Kerkhof <ruben> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 13 | CC: | dwalsh, mgrepl |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-11-16 09:56:53 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ruben Kerkhof
2010-11-15 15:15:04 UTC
This is local customization, you need to add a custom policy # grep rsyslogd /var/log/audit/audit.log | audit2allow -M mysyslog # semodule -i mysyslog.pp Hi Dan, I'm just using documented configuration settings, in a default location from the rsyslog examples. /var/spool/rsyslog is already labeled as var_log_t, so rsyslog has permissions to create the queues and everything, that's all working fine. It's the { search } of /var/spool that's generating the AVC. I'm not sure what the { search } permission does, and how much harm there is in allowing it? I guess it's something rsyslog shouldn't be doing. Your right, my mistake. Miroslav can you add files_search_spool(syslogd_t) Fixed in selinux-policy-3.9.9-1.fc15.noarch. |