Bug 188689 - SELinux Targeted breaks syslog daemon
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 5
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Daniel Walsh
Reported: 2006-04-12 01:32 EDT by Tony Tsui
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2007-02-14 10:17:40 EST

Attachments
yum log (4.34 KB, text/plain)
2006-05-11 20:09 EDT, Tony Tsui
/etc/services (353.67 KB, application/octet-stream)
2006-05-14 20:04 EDT, Tony Tsui

Description Tony Tsui 2006-04-12 01:32:46 EDT
Hi, 

Not sure if this is the right component to report this bug against.

Description of problem:
syslog started via /etc/init.d/syslog has the following avc denied messages:

Apr 12 15:33:26 rifter kernel: audit(1144820006.817:4830): avc:  denied  { read } for  pid=3855 comm="syslogd" name="services" dev=hda8 ino=645832 scontext=user_u:system_r:syslogd_t:s0 tcontext=user_u:object_r:rpm_script_tmp_t:s0 tclass=file
Apr 12 15:33:26 rifter kernel: audit(1144820006.817:4831): avc:  denied  { getattr } for  pid=3855 comm="syslogd" name="services" dev=hda8 ino=645832 scontext=user_u:system_r:syslogd_t:s0 tcontext=user_u:object_r:rpm_script_tmp_t:s0 tclass=file


The security contexts for /etc/services is:

[root@rifter ~]# ll -Z /etc/services
-rw-r--r--  root     root     user_u:object_r:rpm_script_tmp_t /etc/services


Interestingly syslogd started via the command line does not have this problem.

Version-Release number of selected component (if applicable):
[tony@rifter packages] rpm -qa | grep selinux
selinux-policy-2.2.29-3.fc5
libselinux-devel-1.30-1.fc5
libselinux-1.30-1.fc5
libselinux-python-1.30-1.fc5
selinux-policy-targeted-2.2.29-3.fc5


How reproducible:
Every time.

Steps to Reproduce:
1. Start syslogd via /etc/init.d/syslog start
  
Actual results:
syslog will not log any messages in log files, e.g. /var/log/messages

Expected results:
Syslog should log files.

Additional info:
I saw the avc denied messages after disabling enforcing via setenforce 0.
Comment 2 Daniel Walsh 2006-05-09 11:46:32 EDT
How did services get that label?  Seems some application updated services in a
postinstall script and then moved it from /tmp to /etc.

restorecon /etc/services will fix the labeling.  Any idea what caused it?
Comment 3 Tony Tsui 2006-05-11 20:09:03 EDT
Created attachment 128923 [details]
yum log

Hi,

I don't know what caused this. Attached are the packages which were updated just
before I noticed the problem. Unfortunately it is a fairly long list. I've
manually checked the spec file for a few packages but didn't notice any code to
modify /etc/services.

Perhaps it is possible to checkout the spec files for all these packages from
CVS and grep for "services"?

Tony
Comment 4 Daniel Walsh 2006-05-12 16:07:03 EDT
Could you attach your /etc/services, maybe we can diff it to see which service
was added.
Comment 5 Tony Tsui 2006-05-14 20:04:22 EDT
Created attachment 129023 [details]
/etc/services

Hi,

Here is my /etc/services
Comment 7 Daniel Walsh 2007-02-14 10:17:40 EST
All of these bugs should be fixed in FC6.  You could attempt to use the FC6
policy on FC5 or upgrade.  Or you could use

audit2allow -M mypolicy -i /var/log/audit/audit.log 
and build local customized policy
