Bug 438698 - SELinux is preventing sh (logrotate_t) "getattr" to /var/lock/subsys/cobblerd (var_lock_t)
SELinux is preventing sh (logrotate_t) "getattr" to /var/lock/subsys/cobblerd...
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
x86_64 Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
Report from setroubleshoot browser
Depends On:
  Show dependency treegraph
Reported: 2008-03-24 11:59 EDT by Martin Tack
Modified: 2008-03-29 06:59 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-03-29 06:59:57 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
setroubleshoot report (2.73 KB, text/plain)
2008-03-24 12:06 EDT, Martin Tack
no flags Details

  None (edit)
Description Martin Tack 2008-03-24 11:59:56 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; nl; rv: Gecko/20080208 Fedora/ Firefox/

Description of problem:
I'm not aware of a method to reproduce it, since it is a automated report.
Have tried the suggested in the report, it still comes now end then.

Filling a bug report is one of them :-)

yet, I haven't enough knowledge from the Selinux securities system, to do
I'm learning quickly, so I can contribute, but there are quite allot
of "things" to do.

Grateful for your attention

Martin Tack 

Flanders / Belgium

Version-Release number of selected component (if applicable):

How reproducible:
Didn't try

Steps to Reproduce:

Actual Results:

Expected Results:

Additional info:
in attachment the setroubleshout report
Comment 1 Martin Tack 2008-03-24 12:06:50 EDT
Created attachment 298901 [details]
setroubleshoot report
Comment 2 Daniel Walsh 2008-03-28 06:21:04 EDT
I have no idea why this would happen.  Logrotate is supposed to transition when
it executes an init script.  

Cobbler provides a logrotate script that does

/etc/init.d/cobblerd condrestart

cobblerd should be labeled initrc_exec_t and should have transitioned correctly.

Could you make sure of the label on cobblerd
# ls -lZ /etc/rc.d/init.d/cobblerd 
-rwxr-xr-x  root root system_u:object_r:initrc_exec_t:s0 /etc/rc.d/init.d/cobblerd
Comment 3 Martin Tack 2008-03-28 12:27:58 EDT
[maurice@eerste ~]$ su -c 'ls -lZ /etc/rc.d/init.d/cobblerd'
-rwxr-xr-x  root root system_u:object_r:initrc_exec_t:s0 /etc/rc.d/init.d/cobblerd
[maurice@eerste ~]$ 

That seems to be, 
meanwhile I had a kind of attack, when using Firefox
2 GB ram and 2,4 GB swap and duo core 3,4 Ghz went crazy.
Only way to stop it; pull the plug.

With the latest updates (26mrt) I think this is solved (I have read the change
logs carefully :)
But for now I'm not sure if those cosed also the first problem.
I'll give notice of events, thanks again    

 Martin Tack

Note You need to log in before you can comment on or make changes to this bug.