Description of problem: SELinux is preventing epylog from 'read' accesses on the fichier /epylog/__init__.pyc. ***** Plugin catchall (100. confidence) suggests ************************** Si vous pensez que epylog devrait être autorisé à accéder read sur __init__.pyc file par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # ausearch -c "epylog" --raw | audit2allow -M my-epylog # semodule -X 300 -i my-epylog.pp Additional Information: Source Context system_u:system_r:logwatch_t:s0-s0:c0.c1023 Target Context system_u:object_r:default_t:s0 Target Objects /epylog/__init__.pyc [ file ] Source epylog Source Path epylog Port <Inconnu> Host (removed) Source RPM Packages epylog-1.0.7-23.fc29.noarch Target RPM Packages epylog-1.0.7-23.fc29.noarch Policy RPM selinux-policy-3.14.2-44.fc29.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.19.8-300.fc29.x86_64 #1 SMP Mon Dec 10 15:23:11 UTC 2018 x86_64 x86_64 Alert Count 2 First Seen 2018-12-12 13:24:04 CET Last Seen 2018-12-12 13:24:04 CET Local ID da2c5006-52f1-4825-bd62-81823d2e2a14 Raw Audit Messages type=AVC msg=audit(1544617444.666:1346): avc: denied { read } for pid=25676 comm="epylog" name="__init__.pyc" dev="dm-0" ino=262198 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file permissive=0 Hash: epylog,logwatch_t,default_t,file,read Version-Release number of selected component: selinux-policy-3.14.2-44.fc29.noarch Additional info: component: selinux-policy reporter: libreport-2.9.7 hashmarkername: setroubleshoot kernel: 4.19.8-300.fc29.x86_64 type: libreport
Hi, This is not bug in SELinux policy. You're using custom path for your sources. Please use: # semanage fcontxt -a -t lib_t /epilog(/.*)? # restorecon -Rv /epilog Thanks, Lukas.
Bonjour, la commande # semanage fcontxt -a -t lib_t /epilog(/.*)? me marque : # bash: erreur de syntaxe près du symbole inattendu « ( » celle ci à fonctionner : # semanage fcontext -a -t lib_t /epilog mais la suivante # restorecon -Rv /epilog me marque # restorecon: lstat(/epilog) failed: No such file or directory dois je essayer ? Vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Autoriser cet accès pour le moment en exécutant : # ausearch -c "epylog" --raw | audit2allow -M my-epylog # semodule -X 300 -i my-epylog.pp Merci Mathieu
The commands should actually read: # semanage fcontext -a -t lib_t '/epylog(/.*)?' # restorecon -Rv /epylog provided /epylog is a custom path for the python modules used by epylog.
thanks you commands accept
It looks like a packaging issue in F29: $ rpm -ql epylog|more /epylog /epylog/__init__.py /epylog/__init__.pyc /epylog/helpers.py /epylog/helpers.pyc /epylog/log.py /epylog/log.pyc /epylog/module.py /epylog/module.pyc /epylog/mytempfile.py /epylog/mytempfile.pyc /epylog/publishers.py /epylog/publishers.pyc /epylog/report.py /epylog/report.pyc /etc/cron.daily/epylog.cron .. $ ls -ld /epylog /usr/lib/python2.7/site-packages/epylog ls: cannot access '/usr/lib/python2.7/site-packages/epylog': No such file or directory drwxr-xr-x. 2 root root 4096 Jan 14 18:26 /epylog $ rpm -q epylog epylog-1.0.7-23.fc29.noarch Additionally, on a fresh system the epylog package cannot be installed: Error: Problem: conflicting requests - nothing provides python2-pygpgme needed by epylog-1.0.7-23.fc29.noarch Existing F28 installation containing python2-pygpgme-0.3-26.fc28.x86_64 updates to F29 well; still, the updated F29 package contains libraries in the /epylog path.
My apologies. I really screwed up getting the F29 built. The problem is that F29 does not have a %{_python_sitelib}/ and that meant it stuck it in /
epylog-1.0.7-25.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-72263f65e5
epylog-1.0.7-25.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-72263f65e5
epylog-1.0.7-25.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.