Bug 436989 - SELinux is preventing rsyslogd (syslogd_t) "getattr" to /boot/System.map-2.6.25-0.105.rc5.fc9 (system_map_t).
Summary: SELinux is preventing rsyslogd (syslogd_t) "getattr" to /boot/System.map-2.6....
Keywords:
Status: CLOSED DUPLICATE of bug 436895
Alias: None
Product: Fedora
Classification: Fedora
Component: rsyslog
Version: rawhide
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Peter Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-03-11 15:09 UTC by Matěj Cepl
Modified: 2018-04-11 12:13 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-03-11 15:14:44 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Matěj Cepl 2008-03-11 15:09:22 UTC 
Description of problem:
Summary:

SELinux is preventing rsyslogd (syslogd_t) "getattr" to
/boot/System.map-2.6.25-0.105.rc5.fc9 (system_map_t).

Detailed Description:

[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]

SELinux denied access requested by rsyslogd. It is not expected that this access
is required by rsyslogd and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for /boot/System.map-2.6.25-0.105.rc5.fc9,

restorecon -v '/boot/System.map-2.6.25-0.105.rc5.fc9'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:syslogd_t
Target Context                system_u:object_r:system_map_t
Target Objects                /boot/System.map-2.6.25-0.105.rc5.fc9 [ file ]
Source                        rsyslogd
Source Path                   /sbin/rsyslogd
Port                          <Unknown>
Host                          hubmaier.ceplovi.cz
Source RPM Packages           rsyslog-3.12.1-1.fc9
Target RPM Packages           kernel-2.6.25-0.105.rc5.fc9
Policy RPM                    selinux-policy-3.3.1-12.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   catchall_file
Host Name                     hubmaier.ceplovi.cz
Platform                      Linux hubmaier.ceplovi.cz 2.6.25-0.105.rc5.fc9 #1
                              SMP Mon Mar 10 20:59:23 EDT 2008 x86_64 x86_64
Alert Count                   1
First Seen                    Tue 11 Mar 2008 16:02:10 CET
Last Seen                     Tue 11 Mar 2008 16:02:10 CET
Local ID                      3f84a88f-c4e9-49ad-806c-8878e743455e
Line Numbers                  

Raw Audit Messages            

host=hubmaier.ceplovi.cz type=AVC msg=audit(1205247730.509:87): avc:  denied  {
getattr } for  pid=3829 comm="rsyslogd"
path="/boot/System.map-2.6.25-0.105.rc5.fc9" dev=sda1 ino=15
scontext=system_u:system_r:syslogd_t:s0
tcontext=system_u:object_r:system_map_t:s0 tclass=file

host=hubmaier.ceplovi.cz type=SYSCALL msg=audit(1205247730.509:87):
arch=c000003e syscall=5 success=yes exit=0 a0=9 a1=7fffe73ae9c0 a2=7fffe73ae9c0
a3=7fd6df3926f0 items=0 ppid=3828 pid=3829 auid=4294967295 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rsyslogd"
exe="/sbin/rsyslogd" subj=system_u:system_r:syslogd_t:s0 key=(null)

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.3.1-12.fc9.noarch
rsyslog-3.12.1-2.fc9.x86_64
Comment 1 Peter Vrabec 2008-03-11 15:14:44 UTC 

*** This bug has been marked as a duplicate of 436895 ***
Note You need to log in before you can comment on or make changes to this bug.