Red Hat Bugzilla – Bug 1065327
PCP mislabels newly created log files
Last modified: 2015-10-09 09:13:42 EDT
+++ This bug was initially created as a clone of Bug #999293 +++ Description of problem: After installing PCP on a new system, enabling all PCP services, and letting them run a while, the newly created log files have been mislabeled: localhost:~# restorecon -v -R /var restorecon reset /var/log/pcp/pmlogger/localhost/20130821.00.10.meta context system_u:object_r:cron_log_t:s0->system_u:object_r:var_log_t:s0 restorecon reset /var/log/pcp/pmlogger/localhost/20130821.00.10.index context system_u:object_r:cron_log_t:s0->system_u:object_r:var_log_t:s0 restorecon reset /var/log/pcp/pmlogger/localhost/20130820.index context system_u:object_r:cron_log_t:s0->system_u:object_r:var_log_t:s0 restorecon reset /var/log/pcp/pmlogger/localhost/20130820.0 context system_u:object_r:cron_log_t:s0->system_u:object_r:var_log_t:s0 restorecon reset /var/log/pcp/pmlogger/localhost/20130821.00.10.0 context system_u:object_r:cron_log_t:s0->system_u:object_r:var_log_t:s0 restorecon reset /var/log/pcp/pmlogger/localhost/pmlogger.log.prior context system_u:object_r:cron_log_t:s0->system_u:object_r:var_log_t:s0 restorecon reset /var/log/pcp/pmlogger/localhost/20130820.meta context system_u:object_r:cron_log_t:s0->system_u:object_r:var_log_t:s0 localhost:~# Version-Release number of selected component (if applicable): pcp-3.8.2-1.el6.x86_64 selinux-policy-targeted-3.7.19-195.el6_4.12.noarch --- Additional comment from Marko Myllynen on 2013-09-10 11:15:23 EEST --- Also restorecon reset /etc/pcp/pmlogger/config.default context system_u:object_r:etc_runtime_t:s0->system_u:object_r:etc_t:s0
Hi Lukas, Will the SELinux policy commit you made in #c8 of bz 1072785 tackle this issue that Marko has reported as well, by any chance? thanks!
Hi Nathan, Restorecon just restore right context for these files. Marko, Some AVC appeared?
(In reply to Lukas Vrabec from comment #3) > Restorecon just restore right context for these files. > > Some AVC appeared? I haven't seen any, I merely noticed this while I happened to run restorecon.
It's OK. I'll close this, but please when you will get some AVC please report it here.
(In reply to Lukas Vrabec from comment #5) > It's OK. > > I'll close this, but please when you will get some AVC please report it here. Shouldn't the files be created with correct labels regardless of AVCs?
(In reply to Marko Myllynen from comment #6) > Shouldn't the files be created with correct labels regardless of AVCs? Hi Marko - AIUI, the SELinux policy updates Lukas made (see #c8 of bz 1072785) ensure this labelling will be done correctly. These are a relatively recent addition and wouldn't have been in the RHEL7 images you were testing. Possibly this BZ could have been marked as a duplicate of that other, instead of closed/notabug. cheers.
(In reply to Nathan Scott from comment #7) > (In reply to Marko Myllynen from comment #6) > > Shouldn't the files be created with correct labels regardless of AVCs? > > Hi Marko - AIUI, the SELinux policy updates Lukas made (see #c8 of bz > 1072785) ensure this labelling will be done correctly. These are a > relatively recent addition and wouldn't have been in the RHEL7 images you > were testing. Ok, sounds good, thanks!