From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.8) Gecko/20071030 Fedora/2.0.0.8-2.fc8 Firefox/2.0.0.8 Description of problem: On my F8 system I get these message block in the emails from logwatch: --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/sda5 14G 6.3G 7.0G 48% / /dev/sda1 981M 46M 886M 5% /boot df: `/usr/src/vmware': Permission denied df: `/usr/src/vmware': Permission denied ---------------------- Disk Space End ------------------------- So there is a problem getting the disk space information for /usr/src/vmware, but every local user should be able to access /usr/src/vmware: [bart@riker ~]$ ls -l /usr/src/ insgesamt 32 drwxr-xr-x 4 root root 4096 12. Nov 15:58 kernels drwxr-xr-x 3 root root 4096 9. Nov 20:47 local drwxr-xr-x 7 root root 4096 9. Nov 21:22 redhat drwxr-xr-x 12 bart bart 4096 15. Apr 2007 vmware Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. no idea 2. 3. Actual Results: Expected Results: Additional info:
Could you please attach here the result of command: df -h -l -x tmpfs
[root@riker ~]# df -h -l -x tmpfs Dateisystem Größe Benut Verf Ben% Eingehängt auf /dev/sda5 14G 6,3G 6,9G 48% / /dev/sda1 981M 46M 886M 5% /boot /dev/sda7 69G 51G 15G 78% /usr/src/vmware
Created attachment 261041 [details] testing script Could you please substitute your file /usr/share/logwatch/scripts/services/zz-disk_space with attached one. And put here the output of command: logwatch --print --service zz-disk_space.
Looks much better with your new script: ################### Logwatch 7.3.6 (05/19/07) #################### Processing Initiated: Fri Nov 16 19:31:08 2007 Date Range Processed: yesterday ( 2007-Nov-15 ) Period is day. Detail Level of Output: 0 Type of Output: unformatted Logfiles for Host: riker.ncc1701d ################################################################## --------------------- Disk Space Begin ------------------------ the used command is: df -h -l -x tmpfs Filesystem Size Used Avail Use% Mounted on /dev/sda5 14G 6.3G 6.9G 48% / /dev/sda1 981M 46M 886M 5% /boot /dev/sda7 69G 51G 15G 78% /usr/src/vmware finished ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################
Hmm, running from anacron it still doesn't work: --------------------- Disk Space Begin ------------------------ the used command is: df -h -l -x tmpfs Filesystem Size Used Avail Use% Mounted on /dev/sda5 14G 6.3G 6.9G 48% / /dev/sda1 981M 46M 886M 5% /boot df: `/usr/src/vmware': Permission denied finished df: `/usr/src/vmware': Permission denied ---------------------- Disk Space End -------------------------
Hello, do you have selinux targeted? Please try to run anacron with setenforce 0 and let me know. Regards, Marcela (anacron maintainer)
Yes, selinux targeted is set to enforcing mode by default. After setenforce 0 everything is ok: --------------------- Disk Space Begin ------------------------ the used command is: df -h -l -x tmpfs Filesystem Size Used Avail Use% Mounted on /dev/sda5 14G 6.3G 7.0G 48% / /dev/sda1 981M 46M 886M 5% /boot /dev/sda7 69G 51G 15G 78% /usr/src/vmware finished ---------------------- Disk Space End ------------------------- I checked yesterdays logs, but there is no message from selinux indicating there is a problem during the anacron run.
This seems to be selinux-policy problem - reasign to selinux.
Fixed in selinux-policy-3.0.8-59.fc8 If you execute # semodule -DB You can get all of the AVC Messages that are being dontaudited. You will probably see one about logwatch searching src_t. # semodule -B Will turn off dontaudits again.
Hmm, run 'semodule -DB' directly after power-on. This resulted in: Nov 20 17:06:42 riker dbus: avc: received policyload notice (seqno=3) Nov 20 17:06:44 riker setroubleshoot: #012 SELinux hindert dbus-daemon (system_dbusd_t) "name_bind" am Zugriff auf <Unknown> (hi_reserved_port_t).#012 For complete SELinux messages. run sealert -l f284566b-311b-422a-aa8a-4cf3f4a7502f Nov 20 17:06:44 riker setroubleshoot: #012 SELinux hindert dbus-daemon (system_dbusd_t) "name_bind" am Zugriff auf <Unknown> (hi_reserved_port_t).#012 For complete SELinux messages. run sealert -l f284566b-311b-422a-aa8a-4cf3f4a7502f Nov 20 17:06:44 riker setroubleshoot: [program.ERROR] Can not handle AVC'S related to dispatcher. exiting#012setroubleshoot context=system_u:system_r:setroubleshootd_t:s0, AVC scontext=system_u:system_r:setroubleshootd_t:s0 Nov 20 17:06:44 riker setroubleshoot: #012 SELinux hindert /bin/dbus-daemon (system_dbusd_t) "name_bind" am Zugriff auf <Unknown> (hi_reserved_port_t).#012 For complete SELinux messages. run sealert -l f284566b-311b-422a-aa8a-4cf3f4a7502f But I got no AVC message for logwatch. The disk space error ist still there: --------------------- Disk Space Begin ------------------------ the used command is: df -h -l -x tmpfs Filesystem Size Used Avail Use% Mounted on /dev/sda5 14G 6.3G 7.0G 48% / /dev/sda1 981M 46M 886M 5% /boot df: `/usr/src/vmware': Permission denied finished df: `/usr/src/vmware': Permission denied ---------------------- Disk Space End ------------------------- Do I have to update to selinux-policy-3.0.8-59.fc8 just to see the messages?
Nope bug could you look at /var/log/audit/audit.log Setroubleshoot probably exited.
Created attachment 265181 [details] audit.log file I've attached my audit.log file for inspection. I don't see anything relvant there. Why aren't the the timestamps stored in a readable format? It's hard to search for specific entries at a certain time.
ausearch -m avc would extract all of the avc messages and format the time stamp. type=AVC msg=audit(1195579341.191:244): avc: denied { search } for pid=5327 comm="df" name="src" dev=sda5 ino=2192355 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:src_t:s0 tclass=dir is causing the failure allow logwatch_t src_t:dir search; If you added this rule, it should begin to work # grep src_t /var/log/audit/audit.log | audit2allow -M mylogwatch # semodule -i mylogwatch.pp
Ok, then I'll just wait until selinux-policy-3.0.8-59.fc8 is available as an update. I don't like creating special rules for my system. Everything should just work with the default setup.
I'm now on selinux-policy-targeted-3.0.8-62.fc8 and the problem is gone. Thanks!