Bug 155795 - Logwatch cron script wants to write to root_t
Logwatch cron script wants to write to root_t
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: logwatch (Show other bugs)
rawhide
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Jiri Ryska
:
Depends On:
Blocks: FC4Target
  Show dependency treegraph
 
Reported: 2005-04-23 08:38 EDT by Ivan Gyurdiev
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-06-01 21:16:59 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ivan Gyurdiev 2005-04-23 08:38:19 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050416 Fedora/1.0.3-2 Firefox/1.0.3

Description of problem:
audit(1114243323.340:0): avc:  denied  { add_name } for  pid=2451 exe=/usr/bin/perl name=logwatch.SfBRaj06 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t tclass=dir
audit(1114243323.340:0): avc:  denied  { create } for  pid=2451 exe=/usr/bin/perl name=logwatch.SfBRaj06 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t tclass=dir
audit(1114243323.632:0): avc:  denied  { ioctl } for  pid=2464 exe=/usr/bin/perl path=/logwatch.SfBRaj06/messages dev=dm-0 ino=713902 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t tclass=file
audit(1114243323.761:0): avc:  denied  { write } for  pid=2464 exe=/usr/bin/perl path=/logwatch.SfBRaj06/messages dev=dm-0 ino=713902 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t tclass=file
audit(1114243325.951:0): avc:  denied  { rmdir } for  pid=2451 exe=/usr/bin/perl name=logwatch.SfBRaj06 dev=dm-0 ino=713872 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t tclass=dir


Version-Release number of selected component (if applicable):
selinux-policy-strict-1.23.12-1

How reproducible:
Didn't try

Steps to Reproduce:


Additional info:
Comment 1 Daniel Walsh 2005-04-25 14:39:42 EDT
Why is logwatch writing files to /?

This looks like a configuration problem.
Comment 2 Ivan Gyurdiev 2005-04-25 15:11:48 EDT
No idea...changing component to logwatch.
Comment 3 Ivan Gyurdiev 2005-05-06 11:21:11 EDT
What's the status of this bug?
Why does logwatch write to / ? 

audit(1115366523.541:0): avc:  denied  { write } for  name=/ dev=dm-0 ino=2
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t
tclass=dir
audit(1115366523.541:0): avc:  denied  { add_name } for  name=logwatch.WyrkQhyt
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t
tclass=dir
audit(1115366523.541:0): avc:  denied  { create } for  name=logwatch.WyrkQhyt
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t
tclass=dir
audit(1115366523.743:0): avc:  denied  { create } for  name=messages
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t
tclass=file
audit(1115366523.746:0): avc:  denied  { ioctl } for 
path=/logwatch.WyrkQhyt/messages dev=dm-0 ino=713869
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t
tclass=file
audit(1115366523.946:0): avc:  denied  { write } for 
path=/logwatch.WyrkQhyt/messages dev=dm-0 ino=713869
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t
tclass=file
audit(1115366524.171:0): avc:  denied  { append } for 
path=/logwatch.WyrkQhyt/http-archive dev=dm-0 ino=713913
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t
tclass=file
audit(1115366524.428:0): avc:  denied  { read } for  name=http-archive dev=dm-0
ino=713913 scontext=system_u:system_r:system_crond_t
tcontext=system_u:object_r:root_t tclass=file
audit(1115366528.183:0): avc:  denied  { remove_name } for  name=samba dev=dm-0
ino=713916 scontext=system_u:system_r:system_crond_t
tcontext=system_u:object_r:root_t tclass=dir
audit(1115366528.183:0): avc:  denied  { unlink } for  name=samba dev=dm-0
ino=713916 scontext=system_u:system_r:system_crond_t
tcontext=system_u:object_r:root_t tclass=file
audit(1115366528.185:0): avc:  denied  { rmdir } for  name=logwatch.WyrkQhyt
dev=dm-0 ino=713868 scontext=system_u:system_r:system_crond_t
tcontext=system_u:object_r:root_t tclass=dir
Comment 4 Jiri Ryska 2005-05-17 11:24:06 EDT
I have two questions:
1) what says "rpm -q logwatch"?
2) what says "grep TmpDir /etc/log.d/conf/logwatch.conf"?
Comment 5 Ivan Gyurdiev 2005-05-17 14:08:00 EDT
logwatch-6.0.1-1
TmpDir = /tmp
Comment 6 Jiri Ryska 2005-05-19 10:28:43 EDT
I think it should be fixed in logwatch-6.0.1-2. If you want to try my fixes they
are temporarily available at
http://people.redhat.com/jryska/logwatch-6.0.1-2.testing.noarch.rpm
http://people.redhat.com/jryska/logwatch-6.0.1-2.testing.src.rpm
Comment 7 bjorn l. 2005-05-20 20:04:27 EDT
This (and many other bugs) are fixed in the current upstream 6.1 release.
Is it possible to roll that in?
Comment 8 Ivan Gyurdiev 2005-06-01 21:16:59 EDT
Haven't seen this in a while...could it be fixed?

This is logwatch-6.0.1-2. Sorry that I didn't test it when you
asked me to - lots of stuff to take care of, and I forget.

Closing for now, may reopen if I see it again.


Note You need to log in before you can comment on or make changes to this bug.