Bug 745175
Summary: | selinux prevents rsyslogd to access /usr/share/snmp/mibs/.index | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Karel Srot <ksrot> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED ERRATA | QA Contact: | Karel Srot <ksrot> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 5.7 | CC: | dwalsh, mmalik |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-2.4.6-321.el5 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-02-21 05:48:20 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Karel Srot
2011-10-11 14:48:57 UTC
Fixed in selinux-policy-2.4.6-318.el5 Mirek, when running automated test today I got the write denial again. type=SYSCALL msg=audit(1322825631.187:24): arch=40000003 syscall=5 success=no exit=-13 a0=bff1920c a1=8241 a2=1b6 a3=9431450 items=0 ppid=26267 pid=26268 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rsyslogd" exe="/sbin/rsyslogd" subj=root:system_r:syslogd_t:s0 key=(null) type=AVC msg=audit(1322825631.187:24): avc: denied { write } for pid=26268 comm="rsyslogd" name=".index" dev=dm-0 ino=3801430 scontext=root:system_r:syslogd_t:s0 tcontext=system_u:object_r:snmpd_var_lib_t:s0 tclass=file It seems that rsyslog wants to write to this file. I am not sure whether this access should be allowed or the message don't audited, though. I was runnin -320 policy where { ioctl read getattr lock } is allowed. Switching back to ON_QA 'till this is decided. Sorry for confusion. Probably should dontaudit Fixed in selinux-policy-2.4.6-321.el5 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0158.html |