Bug 438698 - SELinux is preventing sh (logrotate_t) "getattr" to /var/lock/subsys/cobblerd (var_lock_t)
Summary: SELinux is preventing sh (logrotate_t) "getattr" to /var/lock/subsys/cobblerd...
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 8
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL: Report from setroubleshoot browser
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-03-24 15:59 UTC by Martin Tack
Modified: 2008-03-29 10:59 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-03-29 10:59:57 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
setroubleshoot report (2.73 KB, text/plain)
2008-03-24 16:06 UTC, Martin Tack
no flags Details

Description Martin Tack 2008-03-24 15:59:56 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; nl; rv:1.8.1.12) Gecko/20080208 Fedora/2.0.0.12-1.fc8 Firefox/2.0.0.12

Description of problem:
I'm not aware of a method to reproduce it, since it is a automated report.
Have tried the suggested in the report, it still comes now end then.

Filling a bug report is one of them :-)

yet, I haven't enough knowledge from the Selinux securities system, to do
whatever. 
I'm learning quickly, so I can contribute, but there are quite allot
of "things" to do.

Grateful for your attention

Martin Tack 

Flanders / Belgium
       

Version-Release number of selected component (if applicable):
selinux-policy-3.0.8-93.fc8

How reproducible:
Didn't try


Steps to Reproduce:
1.
2.
3.

Actual Results:


Expected Results:


Additional info:
in attachment the setroubleshout report

Comment 1 Martin Tack 2008-03-24 16:06:50 UTC
Created attachment 298901 [details]
setroubleshoot report

Comment 2 Daniel Walsh 2008-03-28 10:21:04 UTC
I have no idea why this would happen.  Logrotate is supposed to transition when
it executes an init script.  

Cobbler provides a logrotate script that does

/etc/init.d/cobblerd condrestart

cobblerd should be labeled initrc_exec_t and should have transitioned correctly.

Could you make sure of the label on cobblerd
# ls -lZ /etc/rc.d/init.d/cobblerd 
-rwxr-xr-x  root root system_u:object_r:initrc_exec_t:s0 /etc/rc.d/init.d/cobblerd


Comment 3 Martin Tack 2008-03-28 16:27:58 UTC
[maurice@eerste ~]$ su -c 'ls -lZ /etc/rc.d/init.d/cobblerd'
Wachtwoord: 
-rwxr-xr-x  root root system_u:object_r:initrc_exec_t:s0 /etc/rc.d/init.d/cobblerd
[maurice@eerste ~]$ 

That seems to be, 
meanwhile I had a kind of attack, when using Firefox 2.0.0.12
2 GB ram and 2,4 GB swap and duo core 3,4 Ghz went crazy.
Only way to stop it; pull the plug.

With the latest updates (26mrt) I think this is solved (I have read the change
logs carefully :)
But for now I'm not sure if those cosed also the first problem.
I'll give notice of events, thanks again    

 Martin Tack


Note You need to log in before you can comment on or make changes to this bug.