Description of problem:
SELinux denied access requested by /usr/sbin/tmpwatch. It is not expected that this access is required by /usr/sbin/tmpwatch and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.0.8-13.fc8

How reproducible:
Sometimes

Steps to Reproduce:
1. /etc/crond.daily/tmpwatch

Actual results:
Access violation

Expected results:
No access violation

Additional info:
Source Context: system_u:system_r:tmpreaper_t:s0
Target Context: system_u:object_r:man_t:s0
Target Objects: None [ dir ]
Affected RPM Packages: tmpwatch-2.9.11-1 [application]
Policy RPM: selinux-policy-3.0.8-13.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: plugins.catchall_file
Host Name: valkyrie.localdomain
Platform: Linux valkyrie.localdomain 2.6.23-0.202.rc8.fc8 #1 SMP Mon Sep 24 21:42:57 EDT 2007 x86_64 x86_64
Alert Count: 18
First Seen: Thu 27 Sep 2007 11:47:39 AM EDT
Last Seen: Thu 27 Sep 2007 11:47:39 AM EDT
Local ID: 10a16c25-ed1e-4246-8526-496e8cf93e6b

Raw Audit Messages:
avc: denied { read } for comm=tmpwatch dev=dm-0 egid=0 euid=0 exe=/usr/sbin/tmpwatch exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=cat1 pid=12671 scontext=system_u:system_r:tmpreaper_t:s0 sgid=0 subj=system_u:system_r:tmpreaper_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:man_t:s0 tty=(none) uid=0
Any idea why tmpreaper would be reading the man directories?
The daily tmpwatch script is:

    #! /bin/sh
    /usr/sbin/tmpwatch -x /tmp/.X11-unix -x /tmp/.XIM-unix -x /tmp/.font-unix \
        -x /tmp/.ICE-unix -x /tmp/.Test-unix 10d /tmp
    /usr/sbin/tmpwatch 30d /var/tmp
    for d in /var/{cache/man,catman}/{cat?,X11R6/cat?,local/cat?}; do
        if [ -d "$d" ]; then
            /usr/sbin/tmpwatch -f 30d "$d"
        fi
    done

So I guess it's the /var/cache/man and/or /var/catman directories that are at issue.
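The AVC record from the report above, parsed into the source type, target type, object class and permission it names, and rendered as the type-enforcement rule the policy fix has to carry (allow tmpreaper_t man_t:dir read;). This is an added example, not code from tmpwatch or selinux-policy; the input line is copied from the report, and the function names are my own.

```python
import re

# AVC denial copied from the bug report (constructed sample input for this example).
RAW_AVC = (
    "avc: denied { read } for comm=tmpwatch dev=dm-0 egid=0 euid=0 "
    "exe=/usr/sbin/tmpwatch exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=cat1 "
    "pid=12671 scontext=system_u:system_r:tmpreaper_t:s0 sgid=0 "
    "subj=system_u:system_r:tmpreaper_t:s0 suid=0 tclass=dir "
    "tcontext=system_u:object_r:man_t:s0 tty=(none) uid=0"
)

# "avc: denied { perm perm ... } for key=value key=value ..."
_HEAD = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)"
)


def parse_avc(line):
    """Split an AVC record into result, permission set and key=value fields.

    Values are taken up to the next space, which matches the unquoted form
    shown in the report; quoted values containing spaces are not handled.
    """
    m = _HEAD.search(line)
    if not m:
        raise ValueError("not an AVC record")
    fields = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    return {"result": m.group("result"), "perms": sorted(m.group("perms").split()), "fields": fields}


def context_type(ctx):
    """Return the type component (user:role:TYPE:level) of a security context."""
    return ctx.split(":")[2]


def summarize(line):
    """Reduce a denial to (source type, target type, object class, permissions)."""
    avc = parse_avc(line)
    f = avc["fields"]
    return (context_type(f["scontext"]), context_type(f["tcontext"]), f["tclass"], tuple(avc["perms"]))


def te_rule(line):
    """Render the allow rule that would permit exactly the denied access."""
    src, tgt, cls, perms = summarize(line)
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {src} {tgt}:{cls} {perm_text};"


if __name__ == "__main__":
    print(summarize(RAW_AVC))
    print(te_rule(RAW_AVC))
```

Comparing the rule against the audit2allow output and the policy update is a quick way to confirm the update covers the denial actually logged, rather than loosening more than this one access.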
Fixed in selinux-policy-3.0.8-15.fc8.src.rpm
Bulk closing old selinux policy bugs that were in the modified state. If the bug is still not fixed, please reopen.