Bug 155795 - Logwatch cron script wants to write to root_t
Summary: Logwatch cron script wants to write to root_t
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: logwatch
Version: rawhide
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jiri Ryska
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: FC4Target
TreeView+ depends on / blocked
 
Reported: 2005-04-23 12:38 UTC by Ivan Gyurdiev
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2005-06-02 01:16:59 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Ivan Gyurdiev 2005-04-23 12:38:19 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050416 Fedora/1.0.3-2 Firefox/1.0.3

Description of problem:
audit(1114243323.340:0): avc:  denied  { add_name } for  pid=2451 exe=/usr/bin/perl name=logwatch.SfBRaj06 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t tclass=dir
audit(1114243323.340:0): avc:  denied  { create } for  pid=2451 exe=/usr/bin/perl name=logwatch.SfBRaj06 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t tclass=dir
audit(1114243323.632:0): avc:  denied  { ioctl } for  pid=2464 exe=/usr/bin/perl path=/logwatch.SfBRaj06/messages dev=dm-0 ino=713902 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t tclass=file
audit(1114243323.761:0): avc:  denied  { write } for  pid=2464 exe=/usr/bin/perl path=/logwatch.SfBRaj06/messages dev=dm-0 ino=713902 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t tclass=file
audit(1114243325.951:0): avc:  denied  { rmdir } for  pid=2451 exe=/usr/bin/perl name=logwatch.SfBRaj06 dev=dm-0 ino=713872 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t tclass=dir


Version-Release number of selected component (if applicable):
selinux-policy-strict-1.23.12-1

How reproducible:
Didn't try

Steps to Reproduce:


Additional info:
Comment 1 Daniel Walsh 2005-04-25 18:39:42 UTC 
Why is logwatch writing files to /?

This looks like a configuration problem.
Comment 2 Ivan Gyurdiev 2005-04-25 19:11:48 UTC 
No idea...changing component to logwatch.
Comment 3 Ivan Gyurdiev 2005-05-06 15:21:11 UTC 
What's the status of this bug?
Why does logwatch write to / ? 

audit(1115366523.541:0): avc:  denied  { write } for  name=/ dev=dm-0 ino=2
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t
tclass=dir
audit(1115366523.541:0): avc:  denied  { add_name } for  name=logwatch.WyrkQhyt
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t
tclass=dir
audit(1115366523.541:0): avc:  denied  { create } for  name=logwatch.WyrkQhyt
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t
tclass=dir
audit(1115366523.743:0): avc:  denied  { create } for  name=messages
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t
tclass=file
audit(1115366523.746:0): avc:  denied  { ioctl } for 
path=/logwatch.WyrkQhyt/messages dev=dm-0 ino=713869
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t
tclass=file
audit(1115366523.946:0): avc:  denied  { write } for 
path=/logwatch.WyrkQhyt/messages dev=dm-0 ino=713869
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t
tclass=file
audit(1115366524.171:0): avc:  denied  { append } for 
path=/logwatch.WyrkQhyt/http-archive dev=dm-0 ino=713913
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t
tclass=file
audit(1115366524.428:0): avc:  denied  { read } for  name=http-archive dev=dm-0
ino=713913 scontext=system_u:system_r:system_crond_t
tcontext=system_u:object_r:root_t tclass=file
audit(1115366528.183:0): avc:  denied  { remove_name } for  name=samba dev=dm-0
ino=713916 scontext=system_u:system_r:system_crond_t
tcontext=system_u:object_r:root_t tclass=dir
audit(1115366528.183:0): avc:  denied  { unlink } for  name=samba dev=dm-0
ino=713916 scontext=system_u:system_r:system_crond_t
tcontext=system_u:object_r:root_t tclass=file
audit(1115366528.185:0): avc:  denied  { rmdir } for  name=logwatch.WyrkQhyt
dev=dm-0 ino=713868 scontext=system_u:system_r:system_crond_t
tcontext=system_u:object_r:root_t tclass=dir
Comment 4 Jiri Ryska 2005-05-17 15:24:06 UTC 
I have two questions:
1) what says "rpm -q logwatch"?
2) what says "grep TmpDir /etc/log.d/conf/logwatch.conf"?
Comment 5 Ivan Gyurdiev 2005-05-17 18:08:00 UTC 
logwatch-6.0.1-1
TmpDir = /tmp
Comment 6 Jiri Ryska 2005-05-19 14:28:43 UTC 
I think it should be fixed in logwatch-6.0.1-2. If you want to try my fixes they
are temporarily available at
http://people.redhat.com/jryska/logwatch-6.0.1-2.testing.noarch.rpm
http://people.redhat.com/jryska/logwatch-6.0.1-2.testing.src.rpm
Comment 7 bjorn l. 2005-05-21 00:04:27 UTC 
This (and many other bugs) are fixed in the current upstream 6.1 release.
Is it possible to roll that in?
Comment 8 Ivan Gyurdiev 2005-06-02 01:16:59 UTC 
Haven't seen this in a while...could it be fixed?

This is logwatch-6.0.1-2. Sorry that I didn't test it when you
asked me to - lots of stuff to take care of, and I forget.

Closing for now, may reopen if I see it again.
Note You need to log in before you can comment on or make changes to this bug.