Red Hat Bugzilla – Bug 386021
SELinux is preventing /usr/sbin/tmpwatch (tmpreaper_t) "getattr" to /var/log (var_log_t).
Last modified: 2008-01-30 14:19:04 EST
Description of problem:
SELinux denied access requested by /usr/sbin/tmpwatch. It is not expected that
this access is required by /usr/sbin/tmpwatch and this access may signal an
intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional access.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
SELinux doesn't complain
Created attachment 260601
Output from: setroubleshoot browser
Thanks for your report.
Usually, log files in /var/log are handled by logrotate. Is running tmpwatch in
I don't particularly care where it runs. This is a default installation so the
execution directory was not set by me. I'll have to rummage around to fix it.
It should work out-of-the-box otherwise a real security issue gets lost in all
the bogus ones.
kismet is setting up tmpwatch to look at the log files.
You can allow this for now by executing
# audit2allow -M mypol -i /var/log/audit/audit.log
# semodule -i mypol.pp
Fixed in selinux-policy-3.0.8-58.fc8
Bulk closing all bugs in Fedora updates in the modified state. If your bug is
not fixed, please reopen.
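
Added example, not part of the original bug thread: the workaround quoted above feeds the whole of audit.log to audit2allow, so the generated module allows every denial in that log, not only the one from tmpwatch. The Python sketch below runs over constructed audit records (the `exampled`, `example_t` and `example_secret_t` names are hypothetical) and shows what filtering to the tmpwatch denial changes; its rule text is a simplified stand-in for audit2allow's output.

```python
import re
from collections import defaultdict

# Constructed sample records (not from the bug report), in the usual AVC layout.
SAMPLE_LOG = """\
type=AVC msg=audit(1195000000.101:41): avc:  denied  { getattr } for  pid=2301 comm="tmpwatch" path="/var/log" dev=dm-0 ino=1001 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
type=AVC msg=audit(1195000000.202:42): avc:  denied  { read write } for  pid=2410 comm="exampled" name="secret" dev=dm-0 ino=2002 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:example_secret_t:s0 tclass=file
type=AVC msg=audit(1195086400.303:77): avc:  denied  { getattr } for  pid=2977 comm="tmpwatch" path="/var/log" dev=dm-0 ino=1001 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?comm="(?P<comm>[^"]+)".*?'
    r'scontext=[^:\s]+:[^:\s]+:(?P<stype>[^:\s]+)\S*\s+'
    r'tcontext=[^:\s]+:[^:\s]+:(?P<ttype>[^:\s]+)\S*\s+tclass=(?P<tclass>\w+)')


def parse_denials(log_text):
    """Yield one dict per AVC denial found in the audit log text."""
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:
            d = m.groupdict()
            d["perms"] = d["perms"].split()
            yield d


def rules_for(log_text, comm=None, source_type=None):
    """Return allow rules, optionally limited to one command and source domain."""
    merged = defaultdict(set)
    for d in parse_denials(log_text):
        if comm and d["comm"] != comm:
            continue
        if source_type and d["stype"] != source_type:
            continue
        # Repeated denials for the same (source, target, class) collapse into one rule.
        merged[(d["stype"], d["ttype"], d["tclass"])].update(d["perms"])
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(merged.items())]


if __name__ == "__main__":
    print("Whole log (what an unfiltered module would allow):")
    print("\n".join(rules_for(SAMPLE_LOG)))
    print("Filtered to tmpwatch in tmpreaper_t:")
    print("\n".join(rules_for(SAMPLE_LOG, comm="tmpwatch", source_type="tmpreaper_t")))
```

With the real tools, the same narrowing is done by filtering the log before it reaches audit2allow, for example `grep tmpwatch /var/log/audit/audit.log | audit2allow -M mypol`, and reading the generated `mypol.te` before running `semodule -i mypol.pp`.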