Bug 188689 - SELinux Targeted breaks syslog daemon
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted   
Version: 5
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assignee: Daniel Walsh
Reported: 2006-04-12 05:32 UTC by Tony Tsui
Modified: 2007-11-30 22:11 UTC
Doc Type: Bug Fix
Last Closed: 2007-02-14 15:17:40 UTC

Attachments
yum log (4.34 KB, text/plain)
2006-05-12 00:09 UTC, Tony Tsui
/etc/services (353.67 KB, application/octet-stream)
2006-05-15 00:04 UTC, Tony Tsui

Description Tony Tsui 2006-04-12 05:32:46 UTC
Hi, 

Not sure if this is the right component to report this bug against.

Description of problem:
syslog started via /etc/init.d/syslog has the following avc denied messages:

Apr 12 15:33:26 rifter kernel: audit(1144820006.817:4830): avc:  denied  { read } for  pid=3855 comm="syslogd" name="services" dev=hda8 ino=645832 scontext=user_u:system_r:syslogd_t:s0 tcontext=user_u:object_r:rpm_script_tmp_t:s0 tclass=file
Apr 12 15:33:26 rifter kernel: audit(1144820006.817:4831): avc:  denied  { getattr } for  pid=3855 comm="syslogd" name="services" dev=hda8 ino=645832 scontext=user_u:system_r:syslogd_t:s0 tcontext=user_u:object_r:rpm_script_tmp_t:s0 tclass=file


The security context for /etc/services is:

[root@rifter ~]# ll -Z /etc/services
-rw-r--r--  root     root     user_u:object_r:rpm_script_tmp_t /etc/services


Interestingly, syslogd started via the command line does not have this problem.

Version-Release number of selected component (if applicable):
[tony@rifter packages] rpm -qa | grep selinux
selinux-policy-2.2.29-3.fc5
libselinux-devel-1.30-1.fc5
libselinux-1.30-1.fc5
libselinux-python-1.30-1.fc5
selinux-policy-targeted-2.2.29-3.fc5


How reproducible:
Every time.

Steps to Reproduce:
1. Start syslogd via /etc/init.d/syslog start
  
Actual results:
syslog will not log any messages in log files, e.g. /var/log/messages

Expected results:
Syslog should log files.

Additional info:
I saw the avc denied messages after disabling enforcing via setenforce 0.

Comment 2 Daniel Walsh 2006-05-09 15:46:32 UTC
How did services get that label?  Seems some application updated services in a
postinstall script and then moved it from /tmp to /etc

restorecon /etc/services will fix the labeling.  Any idea what caused it?

Comment 3 Tony Tsui 2006-05-12 00:09:03 UTC
Created attachment 128923
yum log

Hi,

I don't know what caused this. Attached are the packages which were updated just
before I noticed the problem. Unfortunately it is a fairly long list. I've
manually checked the spec file for a few packages but didn't notice any code to
modify /etc/services.

Perhaps it is possible to checkout the spec files for all these packages from
CVS and grep for "services"?

Tony

Comment 4 Daniel Walsh 2006-05-12 20:07:03 UTC
Could you attach your /etc/services?  Maybe we can diff it to see which service
was added.

Comment 5 Tony Tsui 2006-05-15 00:04:22 UTC
Created attachment 129023
/etc/services

Hi,

Here is my /etc/services

Comment 7 Daniel Walsh 2007-02-14 15:17:40 UTC
All of these bugs should be fixed in FC6.  You could attempt to use the FC6
policy on FC5 or upgrade.  Or you could use 

audit2allow -M mypolicy -i /var/log/audit/audit.log 
and build local customized policy
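
A triage sketch for the denials in this report, added here as an example and not part of the bug thread or the selinux-policy project: it parses the two AVC lines quoted in the description and separates a labeling problem (the case restorecon addresses) from a missing policy rule (the case audit2allow addresses). The function names and the `_tmp_t` heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# The two denials quoted in the description, each rejoined onto one line.
SAMPLE_LOG = """\
Apr 12 15:33:26 rifter kernel: audit(1144820006.817:4830): avc:  denied  { read } for  pid=3855 comm="syslogd" name="services" dev=hda8 ino=645832 scontext=user_u:system_r:syslogd_t:s0 tcontext=user_u:object_r:rpm_script_tmp_t:s0 tclass=file
Apr 12 15:33:26 rifter kernel: audit(1144820006.817:4831): avc:  denied  { getattr } for  pid=3855 comm="syslogd" name="services" dev=hda8 ino=645832 scontext=user_u:system_r:syslogd_t:s0 tcontext=user_u:object_r:rpm_script_tmp_t:s0 tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Parse one AVC denial line into a dict; return None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    # A context is user:role:type[:level]; the type is the third field.
    for key, out in (("scontext", "stype"), ("tcontext", "ttype")):
        parts = rec.get(key, "").split(":")
        if len(parts) < 3:
            return None  # truncated or malformed record
        rec[out] = parts[2]
    rec["perms"] = m.group(1).split()
    return rec


def triage(log_text):
    """Group denials per source/target pair and suggest a first step."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (rec.get("comm"), rec.get("name"), rec["stype"],
                   rec["ttype"], rec.get("tclass"))
            groups[key].update(rec["perms"])
    findings = []
    for (comm, name, stype, ttype, tclass), perms in groups.items():
        # Assumption of this example: a *_tmp_t type on a regular file means the
        # file kept a temporary-file label, so relabeling is checked first.
        mislabeled = tclass == "file" and ttype.endswith("_tmp_t")
        findings.append({"comm": comm, "name": name, "stype": stype,
                         "ttype": ttype, "perms": sorted(perms),
                         "action": "relabel" if mislabeled else "review-policy"})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Both denials collapse into one finding for syslogd against the file named services, with the action "relabel"; a denial whose target type is not a temporary-file type is reported as "review-policy" instead.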

