Bug 428111 - SELinux is preventing /usr/sbin/logrotate (logrotate_t) "write" to (NetworkManager_log_t).
SELinux is preventing /usr/sbin/logrotate (logrotate_t) "write" to (NetworkMa...
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
low Severity high
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
: samwatson (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2008-01-09 05:39 EST by morgan read
Modified: 2008-01-14 02:31 EST (History)
3 users (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-01-10 16:21:55 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
settroubleshoot browser output #1 (2.35 KB, text/plain)
2008-01-09 05:39 EST, morgan read
no flags Details
settroubleshoot browser output #2 (2.35 KB, text/plain)
2008-01-09 05:42 EST, morgan read
no flags Details

  None (edit)
Description morgan read 2008-01-09 05:39:31 EST
Description of problem:
SELinux is preventing /usr/sbin/logrotate (logrotate_t) "write" to
SELinux is preventing /usr/sbin/logrotate (logrotate_t) "rename" to

Version-Release number of selected component (if applicable):
[morgan@morgansmachine ~]$ rpm -q logrotate

How reproducible:
Just wait

Steps to Reproduce:
1. just wait
2. settroubleshoot browser does it stuff
Actual results:

Expected results:
no denials

Additional info:
Comment 1 morgan read 2008-01-09 05:39:31 EST
Created attachment 291127 [details]
settroubleshoot browser output #1
Comment 2 morgan read 2008-01-09 05:42:11 EST
Created attachment 291128 [details]
settroubleshoot browser output #2
Comment 3 Nicola Soranzo 2008-01-09 07:46:04 EST
I have the same.

The problem is the file /var/log/wpa_supplicant.log :

$ ls -Z /var/log/wpa_supplicant.log 
-rw-r--r--  root root system_u:object_r:NetworkManager_log_t

Probably this bug should be assigned to selinux-policy component.
Comment 4 Tomas Smetana 2008-01-09 08:03:12 EST
This looks to be assigned to the right component -- logrotate indeed causes the
security context to be lost.  The updated logrotate should be out soon.
Comment 5 Tomas Smetana 2008-01-09 09:21:54 EST
No. I didn't read carefully enough.  This really should go to selinux-policy. 
Changing the component.
Comment 6 Daniel Walsh 2008-01-10 16:21:55 EST
Fixed in  selinux-policy-3.0.8-73.fc8
Comment 7 Tomas Smetana 2008-01-14 02:31:10 EST
*** Bug 428584 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.