Bug 132983 - targeted policy broke syslogd
Summary: targeted policy broke syslogd
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted   
(Show other bugs)
Version: rawhide
Hardware: i386 Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: FC3Blocker
TreeView+ depends on / blocked
 
Reported: 2004-09-20 16:44 UTC by Brian Millett
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-09-20 19:41:59 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Brian Millett 2004-09-20 16:44:15 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7)
Gecko/20040904 Firefox/0.9.3

Description of problem:
I have the following set:
SELINUX=Enforcing
SELINUXTYPE=targeted

When I boot, things look good until syslogd is started, then I get
messages to the boot screen as follows:

audit(1095634287.733:0): avc:  denied  { read write } for  pid=10192
exe=/sbin/minilogd name=tty2 dev=tmpfs ino=1566
scontext=root:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t
tclass=chr_file
audit(1095634287.733:0): avc:  denied  { read write } for  pid=10192
exe=/sbin/minilogd path=/dev/null dev=tmpfs ino=974
scontext=root:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t
tclass=chr_file
audit(1095634287.733:0): avc:  denied  { read write } for  pid=10192
exe=/sbin/minilogd path=/dev/null dev=tmpfs ino=974
scontext=root:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t
tclass=chr_file
audit(1095634287.734:0): avc:  denied  { read write } for  pid=10192
exe=/sbin/minilogd path=/dev/null dev=tmpfs ino=974
scontext=root:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t
tclass=chr_file
audit(1095634287.734:0): avc:  denied  { search } for  pid=10192
exe=/sbin/minilogd dev=tmpfs ino=972 scontext=root:system_r:syslogd_t
tcontext=user_u:object_r:tmpfs_t tclass=dir
audit(1095634287.735:0): avc:  denied  { search } for  pid=10192
exe=/sbin/minilogd dev=tmpfs ino=972 scontext=root:system_r:syslogd_t
tcontext=user_u:object_r:tmpfs_t tclass=dir
audit(1095634287.742:0): avc:  denied  { search } for  pid=10192
exe=/sbin/minilogd dev=tmpfs ino=972 scontext=root:system_r:syslogd_t
tcontext=user_u:object_r:tmpfs_t tclass=dir
audit(1095634287.754:0): avc:  denied  { read write } for  pid=10194
exe=/sbin/minilogd name=tty2 dev=tmpfs ino=1566
scontext=root:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t
tclass=chr_file
audit(1095634287.762:0): avc:  denied  { read write } for  pid=10194
exe=/sbin/minilogd path=/dev/null dev=tmpfs ino=974
scontext=root:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t
tclass=chr_file
audit(1095634287.771:0): avc:  denied  { read write } for  pid=10194
exe=/sbin/minilogd path=/dev/null dev=tmpfs ino=974
scontext=root:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t
tclass=chr_file
audit(1095634287.779:0): avc:  denied  { read write } for  pid=10194
exe=/sbin/minilogd path=/dev/null dev=tmpfs ino=974
scontext=root:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t
tclass=chr_file
audit(1095634287.787:0): avc:  denied  { search } for  pid=10194
exe=/sbin/minilogd dev=tmpfs ino=972 scontext=root:system_r:syslogd_t
tcontext=user_u:object_r:tmpfs_t tclass=dir
audit(1095634287.795:0): avc:  denied  { search } for  pid=10194
exe=/sbin/minilogd dev=tmpfs ino=972 scontext=root:system_r:syslogd_t
tcontext=user_u:object_r:tmpfs_t tclass=dir
audit(1095634287.803:0): avc:  denied  { search } for  pid=10194
exe=/sbin/minilogd dev=tmpfs ino=972 scontext=root:system_r:syslogd_t
tcontext=user_u:object_r:tmpfs_t tclass=dir

Also, there is only this in /var/log/messages:
Sep 20 11:29:34 indoffcallacctg syslogd 1.4.1: restart.



Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.enable selinux
2.boot
3.read messages
    

Actual Results:  see discription

Expected Results:  syslog would work

Additional info:

Comment 1 Brian Millett 2004-09-20 19:41:59 UTC
This was caused from using a kernel from Arjan that did not contain
the xattr patch.  Reverting to 2.6.8-1.541 clear up this problem. 
Which leaves, I guess, a problem of the xattr patch becoming main stream.


Note You need to log in before you can comment on or make changes to this bug.