Red Hat Bugzilla – Bug 226999
logwatch audit script exits prematurely with SELinux enabled
Last modified: 2007-11-30 17:11:56 EST
Description of problem:
The combination of strict enforcing SELinux policy and this line in
exit(0) unless -d '/selinux';
means that no log summary is produced for the "audit" service by
Because this line in /usr/share/logwatch/default.conf/services/audit.conf
*OnlyService = (kernel:)?\s*audit.*
filters out any non-audit log messages from the "pipe" into the service script,
it is effectively passed a null-length pipe if SELinux is not running anyway.
Hence the simplest fix is simply to remove the test for visibility of /selinux
in the logwatch service script, and avoid any further change to SELinux policy.
Version-Release number of selected component (if applicable):
logwatch-7.3-7.fc6 and selinux-policy-strict-2.4.6-27.fc6
Steps to Reproduce:
fixed in logwatch-7.3.2-6.fc7.