Description of problem:
I get selinux denials:

avc: denied { read, write } for comm="ethtool" dev=sockfs egid=497 euid=99 exe="/sbin/ethtool" exit=0 fsgid=497 fsuid=99 gid=497 items=0 name="[166497]" path="socket:[166497]" pid=14486 scontext=system_u:system_r:ifconfig_t:s0 sgid=497 subj=system_u:system_r:ifconfig_t:s0 suid=99 tclass=tcp_socket tcontext=system_u:system_r:initrc_t:s0 tty=(none) uid=99

and

avc: denied { append } for comm="smartctl" dev=dm-0 egid=497 euid=0 exe="/usr/sbin/smartctl" exit=0 fsgid=497 fsuid=0 gid=497 items=0 name="munin-node.log" path="socket:[166497]" pid=14798 scontext=system_u:system_r:fsadm_t:s0 sgid=497 subj=system_u:system_r:fsadm_t:s0 suid=0 tclass=file tcontext=system_u:object_r:var_log_t:s0 tty=(none) uid=0

whenever munin-node runs. It's perfectly possible these should be fixed in the apps rather than the policy, but I don't know.

Version-Release number of selected component (if applicable):
munin-node-1.2.5-2.fc7

How reproducible:
every five minutes!
The first avc message is caused because munin-node is leaking a file descriptor. The tcp_socket file descriptor should be closed on exec: fcntl(fd, F_SETFD, FD_CLOEXEC). The second one looks like smartctl >> /var/log/munin-node.log? Probably need to configure munin-node.
Sorry for the long long delay here. ;( Not sure what to do about these issues offhand. The first one is ethtool being called from a munin plugin (perl). I don't think there would be any way for it to be leaking a file descriptor there... Not sure what needs configuring in munin-node on the second. Will dig some more...
Sorry (again) for the delay... Do you still see these errors? There have been some selinux policy changes for munin, and I am not seeing them here offhand...
No, these particular errors have gone. There are still a few selinux denials when running munin-node, but I'm tracking them in bug 428942.
Excellent. Thanks for posting those! :) I guess we can close this bug now? Feel free to re-open or file a new one if there is anything I can do. I will also add myself to CC on 428942. Thanks again.