From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7
Description of problem:
Many denials reported by SELinux of the form:
    type=AVC msg=audit(1132324132.220:8476): avc: denied { write } for pid=1540 comm="klogd" name="log" dev=tmpfs ino=4750 scontext=system_u:system_r:klogd_t tcontext=system_u:object_r:device_t tclass=sock_file
Version-Release number of selected component (if applicable):
    sysklogd-1.4.1-30
How reproducible: Always
Steps to Reproduce:
1. Use standard FC4, updated nightly by yum
2. Set SELinux to enforcing/targeted
3. Examine /var/log/audit/audit.log
   Or run aureport -a --failed
Actual Results: Many SELinux denials as cited above
Expected Results: No denials
Additional info:
This probably indicates a labeling problem on your machine.
    touch /.autorelabel
    reboot
should clean this up.
System rebooted with relabel at 19:05:01. When it came up an aureport gives:
    4669. 11/30/05 19:18:25 klogd system_u:system_r:klogd_t 0 write system_u:object_r:device_t denied 6139
    4670. 11/30/05 19:18:25 klogd system_u:system_r:klogd_t 0 write system_u:object_r:device_t denied 6140
    4671. 11/30/05 19:19:12 klogd system_u:system_r:klogd_t 0 write system_u:object_r:device_t denied 6145
    ------- last 3 lines only. --------
/etc/selinux/config is set to Enforcing/Targeted and:
    uname -a
    Linux sirius 2.6.14-1.1644_FC4 #1 Sun Nov 27 03:25:11 EST 2005 i686 i686 i386 GNU/Linux
and
    rpm -qa|grep selinux
    selinux-doc-1.19.5-1
    selinux-policy-targeted-sources-1.27.1-2.14
    libselinux-1.23.10-2
    libselinux-devel-1.23.10-2
    selinux-policy-targeted-1.27.1-2.14
Could you attach your /var/log/audit/audit.log?
Did this problem go away?
I added audit rules to allow this (i.e. klogd access). I will remove those and try again.
I have had no audit denials since the update to selinux-policy-targeted-1.27.1-2.16 on 9 Dec. '05. I removed the rule that I added, rebooted and see no denials. I think that update fixed the problem.
OOPS. I screwed up. I commented out the wrong line in /etc/selinux/targeted/src/policy/domains/misc. When I correct that and reboot I get from the aureport:
    6782. 01/02/06 14:58:59 spamd system_u:system_r:spamd_t 102 write system_u:object_r:device_t denied 6
    6783. 01/02/06 14:59:15 klogd system_u:system_r:klogd_t 0 sendto system_u:system_r:initrc_t denied 9
    6784. 01/02/06 14:59:34 klogd system_u:system_r:klogd_t 0 sendto system_u:system_r:initrc_t denied 11
I will attach the audit.log (I hope, I have not done that before)
Created attachment 122691: audit.log showing spamd and klogd denials
Could you execute the following. It appears that for some reason /dev/log is labeled incorrectly on your machine?
    # ps -eZ | grep klogd
    system_u:system_r:klogd_t 1686 ? 00:00:00 klogd
    # ls -lZ /dev/log
    srw-rw-rw- root root system_u:object_r:devlog_t /dev/log
As requested:
    [gc@sirius ~]$ ps -eZ | grep klogd
    system_u:system_r:klogd_t 1551 ? 00:00:00 klogd
    [gc@sirius ~]$ ls -lZ /dev/log
    srw-rw-rw- root root system_u:object_r:device_t /dev/log
    [gc@sirius ~]$
I will reboot/relabel and repeat. I will post if there is any change.
I am closing as I have not heard back.
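One way to triage an audit.log like the one attached in this thread, as an added example that is not part of the original bug report: it parses AVC denial records in the format quoted in the description, counts them per source and target type, and flags the "log" socket when its type is not devlog_t. Only the first sample record comes from the report; the others are constructed, and the function names and the EXPECTED_TYPE table are assumptions made for this example.

```python
import re
from collections import Counter

# First record is quoted in the report; the other three are constructed.
SAMPLE = """\
type=AVC msg=audit(1132324132.220:8476): avc: denied { write } for pid=1540 comm="klogd" name="log" dev=tmpfs ino=4750 scontext=system_u:system_r:klogd_t tcontext=system_u:object_r:device_t tclass=sock_file
type=AVC msg=audit(1132324133.101:8477): avc: denied { write } for pid=1540 comm="klogd" name="log" dev=tmpfs ino=4750 scontext=system_u:system_r:klogd_t tcontext=system_u:object_r:device_t tclass=sock_file
type=AVC msg=audit(1132324140.552:8480): avc: denied { write } for pid=2210 comm="spamd" name="log" dev=tmpfs ino=4750 scontext=system_u:system_r:spamd_t tcontext=system_u:object_r:device_t tclass=sock_file
type=SYSCALL msg=audit(1132324140.552:8480): arch=40000003 syscall=102 success=no
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumed rule, taken from this thread: the "log" socket should be devlog_t.
EXPECTED_TYPE = {("log", "sock_file"): "devlog_t"}

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for other records."""
    m = AVC_RE.search(line)
    if not line.startswith("type=AVC") or not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    # An SELinux context is user:role:type[:level]; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def summarize(text):
    """Count denials per (comm, source type, perm, target type, class)."""
    counts, mislabeled = Counter(), set()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        for perm in rec["perms"]:
            counts[(rec["comm"], rec["stype"], perm, rec["ttype"], rec["tclass"])] += 1
        want = EXPECTED_TYPE.get((rec.get("name"), rec["tclass"]))
        if want and rec["ttype"] != want:
            mislabeled.add((rec["name"], rec["ttype"], want))
    return counts, mislabeled

if __name__ == "__main__":
    counts, mislabeled = summarize(SAMPLE)
    for key, n in counts.most_common():
        print(n, *key)
    for name, have, want in sorted(mislabeled):
        print(f'target "{name}" is {have}, expected {want}: check the file label')
```

Several domains being denied on the same target type, as with klogd and spamd here, points at the target's label rather than at any one domain's policy.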