Description of problem:
SELinux is preventing rsyslogd (syslogd_t) "read" to ./System.map-2.6.25-0.95.rc4.fc9 (system_map_t).

Version-Release number of selected component (if applicable):
Source RPM Packages rsyslog-2.0.2-1.fc9

How reproducible:
Upon rebooting to try out new kernel, setroubleshoot fired out warning.

Steps to Reproduce:
1. turn on machine
2. login to DE
3. open setroubleshoot to see it, *happens on one of the two machines*

Actual results:

Summary:
SELinux is preventing rsyslogd (syslogd_t) "read" to ./System.map-2.6.25-0.95.rc4.fc9 (system_map_t).

Detailed Description:
SELinux denied access requested by rsyslogd. It is not expected that this access is required by rsyslogd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./System.map-2.6.25-0.95.rc4.fc9,

restorecon -v './System.map-2.6.25-0.95.rc4.fc9'

If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information:

Source Context        unconfined_u:system_r:syslogd_t
Target Context        system_u:object_r:system_map_t
Target Objects        ./System.map-2.6.25-0.95.rc4.fc9 [ file ]
Source                rsyslogd
Source Path           /sbin/rsyslogd
Port                  <Unknown>
Host                  localhost
Source RPM Packages   rsyslog-2.0.2-1.fc9
Target RPM Packages
Policy RPM            selinux-policy-3.3.1-12.fc9
Selinux Enabled       True
Policy Type           targeted
MLS Enabled           True
Enforcing Mode        Enforcing
Plugin Name           catchall_file
Host Name             localhost
Platform              Linux localhost 2.6.25-0.95.rc4.fc9 #1 SMP Thu Mar 6 01:17:49 EST 2008 i686 athlon
Alert Count           1
First Seen            Sat 08 Mar 2008 07:58:10 AM CST
Last Seen             Sat 08 Mar 2008 07:58:10 AM CST
Local ID              b9ac46d0-bfde-485c-8cec-2547c11a4daf
Line Numbers

Raw Audit Messages

host=localhost type=AVC msg=audit(1204984690.594:21): avc: denied { read } for pid=2913 comm="rsyslogd" name="System.map-2.6.25-0.95.rc4.fc9" dev=sda3 ino=6052 scontext=unconfined_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:system_map_t:s0 tclass=file

host=localhost type=SYSCALL msg=audit(1204984690.594:21): arch=40000003 syscall=5 success=no exit=-13 a0=1357c0 a1=0 a2=1b6 a3=0 items=0 ppid=2912 pid=2913 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="rsyslogd" exe="/sbin/rsyslogd" subj=unconfined_u:system_r:syslogd_t:s0 key=(null)

Expected results:
To work as normal

Additional info:
upon request
Could you check if the problem exists even with rsyslog-3.12.1? It was built in rawhide on Feb 1st. Thanks.
*** Bug 436989 has been marked as a duplicate of this bug. ***
I can't find rsyslog-3.12.1 in koji. If you provide a link, I will test.

cached packages in /var/cache/yum are:

-rw-r--r-- 1 root root 209273 2008-01-18 05:20 rsyslog-2.0.0-1.fc9.i386.rpm
-rw-r--r-- 1 root root 209432 2008-01-22 06:42 rsyslog-2.0.0-2.fc9.i386.rpm
-rw-r--r-- 1 root root 206448 2008-02-13 09:02 rsyslog-2.0.2-1.fc9.i386.rpm
-rw-r--r-- 1 root root 301513 2008-03-07 03:25 rsyslog-3.12.1-1.fc9.i386.rpm

No 3.12.1 :-(
http://koji.fedoraproject.org/koji/buildinfo?buildID=42536
Well, I got this AVC installing it:

type=AVC msg=audit(1205362698.730:35): avc: denied { read } for pid=7842 comm="rsyslogd" name="System.map-2.6.25-0.113.rc5.git2.fc9" dev=sda3 ino=6056 scontext=unconfined_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:system_map_t:s0 tclass=file

type=SYSCALL msg=audit(1205362698.730:35): arch=40000003 syscall=5 success=no exit=-13 a0=11a7c0 a1=0 a2=1b6 a3=0 items=0 ppid=7841 pid=7842 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="rsyslogd" exe="/sbin/rsyslogd" subj=unconfined_u:system_r:syslogd_t:s0 key=(null)
No joy on reboot. In fact, the first reboot after the update to the new rsyslog caused lots of issues. A successive reboot seemed to work better. I attach complete outputs from dmesg for the "next 2 reboots" below. The "failure" in the first reboot seemed to be avahi and hal not starting.

In any case, in the "working second reboot", I still see this AVC:

type=1400 audit(1205363081.774:4): avc: denied { read } for pid=2232 comm="rsyslogd" name="System.map-2.6.25-0.113.rc5.git2.fc9" dev=sda3 ino=6056 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:system_map_t:s0 tclass=file
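For triaging records like the ones quoted in the comments above, here is an added example (not part of the original report and not setroubleshoot's or audit2allow's code) that pairs each AVC with the SYSCALL record sharing its audit event id and renders the type-enforcement rule the denial corresponds to. The function names and output keys are this example's own; the sample records are copied from the comments.

```python
import re

# Records copied from the comments above: an auditd AVC/SYSCALL pair and the
# dmesg form of the same kind of denial (numeric type 1400 is AUDIT_AVC).
SAMPLE = """\
host=localhost type=AVC msg=audit(1204984690.594:21): avc: denied { read } for pid=2913 comm="rsyslogd" name="System.map-2.6.25-0.95.rc4.fc9" dev=sda3 ino=6052 scontext=unconfined_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:system_map_t:s0 tclass=file
host=localhost type=SYSCALL msg=audit(1204984690.594:21): arch=40000003 syscall=5 success=no exit=-13 a0=1357c0 a1=0 a2=1b6 a3=0 items=0 ppid=2912 pid=2913 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="rsyslogd" exe="/sbin/rsyslogd" subj=unconfined_u:system_r:syslogd_t:s0 key=(null)
type=1400 audit(1205363081.774:4): avc: denied { read } for pid=2232 comm="rsyslogd" name="System.map-2.6.25-0.113.rc5.git2.fc9" dev=sda3 ino=6056 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:system_map_t:s0 tclass=file
"""

RECORD = re.compile(r'type=(\w+) (?:msg=)?audit\((\d+\.\d+:\d+)\):\s*(.*)')
AVC = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def fields(text):
    """Split key=value pairs, dropping quotes around string values."""
    return {k: v.strip('"') for k, v in FIELD.findall(text)}

def denials(log):
    """Group records by audit event id and return one summary per AVC."""
    events = {}
    for line in log.splitlines():
        m = RECORD.search(line)
        if not m:
            continue
        rtype, event_id, body = m.groups()
        rec = events.setdefault(event_id, {})
        avc = AVC.match(body)
        if rtype in ("AVC", "1400") and avc:
            rec["avc"] = dict(fields(avc.group(3)), result=avc.group(1),
                              perms=avc.group(2).split())
        elif rtype == "SYSCALL":
            rec["syscall"] = fields(body)
    out = []
    for event_id, rec in events.items():
        if "avc" not in rec:
            continue
        avc, sc = rec["avc"], rec.get("syscall")
        src, tgt = (avc[k].split(":")[2] for k in ("scontext", "tcontext"))
        perms = avc["perms"][0] if len(avc["perms"]) == 1 else "{ %s }" % " ".join(avc["perms"])
        out.append({
            "event": event_id, "comm": avc["comm"], "object": avc["name"],
            "exe": sc["exe"] if sc else None,
            # success=no on the paired SYSCALL record shows the call really failed;
            # None means no SYSCALL record was logged, so enforcement is unconfirmed.
            "blocked": (sc["success"] == "no") if sc else None,
            "rule": "allow %s %s:%s %s;" % (src, tgt, avc["tclass"], perms),
        })
    return out
```

Calling `denials(SAMPLE)` returns two summaries. The rendered rule shows exactly which access a local policy module would have to grant, so it can be reviewed against what the daemon is expected to need.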
Created attachment 297865
dmesg from failing reboot

On this reboot, avahi and hal did not start properly, nor did gdm. System was left in "text console" mode.
Created attachment 297866
dmesg output from "working" reboot.

This reboot booted up to gdm, and appears functioning, but has same AVC as prior version.
Fixed in selinux-policy-3.3.1-17.fc9

Tom, the first bug is NetworkManager blowing up and trying to run gdb to get a stack trace. We are trying to figure out a better way to handle this.