Bug 705277

Summary: rsyslogd cannot search /var/spool/rsyslog and cannot read /dev/random
Product: Red Hat Enterprise Linux 6
Component: selinux-policy
Version: 6.1
Reporter: Milos Malik <mmalik>
Assignee: Miroslav Grepl <mgrepl>
QA Contact: Milos Malik <mmalik>
CC: dwalsh, erinn.looneytriggs, jokajak, mgrepl
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Target Milestone: rc
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version: selinux-policy-3.7.19-96.el6
Doc Type: Bug Fix
Last Closed: 2011-12-06 10:07:47 UTC

Description Milos Malik 2011-05-17 09:03:59 UTC
Description of problem:

Version-Release number of selected component (if applicable):
rsyslog-4.6.2-3.el6.ppc64
rsyslog-gnutls-4.6.2-3.el6.ppc64
selinux-policy-3.7.19-94.el6.noarch
selinux-policy-doc-3.7.19-94.el6.noarch
selinux-policy-minimum-3.7.19-94.el6.noarch
selinux-policy-mls-3.7.19-94.el6.noarch
selinux-policy-targeted-3.7.19-94.el6.noarch

How reproducible:
always

Steps to Reproduce:
* run the following automated test on a RHEL-6.1 machine:
  /CoreOS/selinux-policy/Regression/bz593139-rsyslog-and-similar
  
Actual results:
----
time->Tue May 17 04:58:29 2011
type=SYSCALL msg=audit(1305622709.321:7234): arch=80000015 syscall=106 success=no exit=-13 a0=ffff9077d20 a1=ffff9077c88 a2=ffff9077c88 a3=7fffffff items=0 ppid=16422 pid=16423 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1195 comm="rsyslogd" exe="/sbin/rsyslogd" subj=unconfined_u:system_r:syslogd_t:s0 key=(null)
type=AVC msg=audit(1305622709.321:7234): avc:  denied  { search } for  pid=16423 comm="rsyslogd" name="spool" dev=dm-0 ino=2884384 scontext=unconfined_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
----
time->Tue May 17 04:58:29 2011
type=SYSCALL msg=audit(1305622709.331:7235): arch=80000015 syscall=33 success=no exit=-13 a0=fffa09907e8 a1=4 a2=8 a3=fff9801a188 items=0 ppid=1 pid=16424 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1195 comm=72733A616374696F6E203820717565 exe="/sbin/rsyslogd" subj=unconfined_u:system_r:syslogd_t:s0 key=(null)
type=AVC msg=audit(1305622709.331:7235): avc:  denied  { read } for  pid=16424 comm=72733A616374696F6E203820717565 name="random" dev=devtmpfs ino=873 scontext=unconfined_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:random_device_t:s0 tclass=chr_file
----
time->Tue May 17 04:58:31 2011
type=SYSCALL msg=audit(1305622711.890:7237): arch=80000015 syscall=106 success=no exit=-13 a0=fffff27b8d0 a1=fffff27b838 a2=fffff27b838 a3=7fffffff items=0 ppid=16468 pid=16469 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1195 comm="rsyslogd" exe="/sbin/rsyslogd" subj=unconfined_u:system_r:syslogd_t:s0 key=(null)
type=AVC msg=audit(1305622711.890:7237): avc:  denied  { search } for  pid=16469 comm="rsyslogd" name="spool" dev=dm-0 ino=2884384 scontext=unconfined_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
----
time->Tue May 17 04:58:31 2011
type=SYSCALL msg=audit(1305622711.890:7238): arch=80000015 syscall=33 success=no exit=-13 a0=fffae6b07e8 a1=4 a2=8 a3=fffa401a188 items=0 ppid=1 pid=16470 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1195 comm=72733A616374696F6E203820717565 exe="/sbin/rsyslogd" subj=unconfined_u:system_r:syslogd_t:s0 key=(null)
type=AVC msg=audit(1305622711.890:7238): avc:  denied  { read } for  pid=16470 comm=72733A616374696F6E203820717565 name="random" dev=devtmpfs ino=873 scontext=unconfined_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:random_device_t:s0 tclass=chr_file
----

Expected results:
no AVCs
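
The audit output above repeats two distinct denials, and one of them carries a hex-encoded comm value. The Python below is an added example, not part of the original report or of selinux-policy: it reduces AVC records to unique (source type, target type, class, permission, comm) tuples and decodes the comm field. The function names are illustrative, and the sample lines are the four AVC records copied from this report.

```python
import re
from collections import Counter

# The four AVC records from this report (SYSCALL lines omitted).
SAMPLE = '''\
type=AVC msg=audit(1305622709.321:7234): avc:  denied  { search } for  pid=16423 comm="rsyslogd" name="spool" dev=dm-0 ino=2884384 scontext=unconfined_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
type=AVC msg=audit(1305622709.331:7235): avc:  denied  { read } for  pid=16424 comm=72733A616374696F6E203820717565 name="random" dev=devtmpfs ino=873 scontext=unconfined_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:random_device_t:s0 tclass=chr_file
type=AVC msg=audit(1305622711.890:7237): avc:  denied  { search } for  pid=16469 comm="rsyslogd" name="spool" dev=dm-0 ino=2884384 scontext=unconfined_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
type=AVC msg=audit(1305622711.890:7238): avc:  denied  { read } for  pid=16470 comm=72733A616374696F6E203820717565 name="random" dev=devtmpfs ino=873 scontext=unconfined_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:random_device_t:s0 tclass=chr_file
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_field(value):
    # auditd quotes untrusted strings; when they contain a space, a quote
    # or non-printable bytes it writes them as bare upper-case hex instead.
    if value.startswith('"'):
        return value[1:-1]
    if re.fullmatch(r'(?:[0-9A-F]{2})+', value):
        return bytes.fromhex(value).decode('utf-8', 'replace')
    return value

def selinux_type(context):
    # user:role:type:level -> type (the level may itself contain colons)
    return context.split(':')[2]

def parse_avc(line):
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group(2)))
    for key in ('comm', 'name', 'path', 'exe'):  # only string fields can be hex
        if key in fields:
            fields[key] = decode_field(fields[key])
    fields['perms'] = m.group(1).split()
    return fields

def summarize(text):
    """Count denials per (source type, target type, class, perm, comm)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        src, tgt = selinux_type(rec['scontext']), selinux_type(rec['tcontext'])
        for perm in rec['perms']:
            counts[(src, tgt, rec['tclass'], perm, rec['comm'])] += 1
    return counts
```

Calling `summarize(SAMPLE)` yields two tuples, each seen twice; the hex comm decodes to the rsyslog worker thread name `rs:action 8 que`, truncated by the kernel's 15-character comm limit.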

Comment 5 Miroslav Grepl 2011-05-24 06:22:15 UTC
*** Bug 707060 has been marked as a duplicate of this bug. ***

Comment 8 Miroslav Grepl 2011-05-27 11:55:37 UTC
Fixed in selinux-policy-3.7.19-96.el6

Comment 11 Miroslav Grepl 2011-10-25 07:46:14 UTC
*** Bug 748545 has been marked as a duplicate of this bug. ***

Comment 12 errata-xmlrpc 2011-12-06 10:07:47 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1511.html