Bug 441676 - SELinux is preventing rsyslogd (syslogd_t) "getattr" to /boot/System.map-2.6.25-0.201.rc8.git4.fc9.x86_64 (boot_t).
SELinux is preventing rsyslogd (syslogd_t) "getattr" to /boot/System.map-2.6....
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: rsyslog (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: Peter Vrabec
Fedora Extras Quality Assurance
: SELinux
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-04-09 09:41 EDT by Matěj Cepl
Modified: 2008-04-09 10:00 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-04-09 10:00:42 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Matěj Cepl 2008-04-09 09:41:08 EDT
Description of problem:
I got two AVC denials:


Souhrn:

SELinux is preventing rsyslogd (syslogd_t) "getattr" to
/boot/System.map-2.6.25-0.201.rc8.git4.fc9.x86_64 (boot_t).

Podrobný popis:

[SELinux je v uvolněném režimu, operace by byla odmítnuta, ale byla povolena
kvůli uvolněnému režimu.]

SELinux denied access requested by rsyslogd. It is not expected that this access
is required by rsyslogd and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Povolení přístupu:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for
/boot/System.map-2.6.25-0.201.rc8.git4.fc9.x86_64,

restorecon -v '/boot/System.map-2.6.25-0.201.rc8.git4.fc9.x86_64'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Další informace:

Kontext zdroje                system_u:system_r:syslogd_t
Kontext cíle                 system_u:object_r:boot_t
Objekty cíle                 /boot/System.map-2.6.25-0.201.rc8.git4.fc9.x86_64
                              [ file ]
Zdroj                         rsyslogd
Cesta zdroje                  /sbin/rsyslogd
Port                          <Neznámé>
Počítač                    hubmaier.ceplovi.cz
RPM balíčky zdroje          rsyslog-3.14.1-2.fc9
RPM balíčky cíle           kernel-2.6.25-0.201.rc8.git4.fc9
RPM politiky                  selinux-policy-3.3.1-28.fc9
Selinux povolen               True
Typ politiky                  targeted
MLS povoleno                  True
Vynucovací režim            Permissive
Název zásuvného modulu     catchall_file
Název počítače            hubmaier.ceplovi.cz
Platforma                     Linux hubmaier.ceplovi.cz
                              2.6.25-0.201.rc8.git4.fc9.x86_64 #1 SMP Sun Apr 6
                              21:39:00 EDT 2008 x86_64 x86_64
Počet uporoznění           1
Poprvé viděno               St 9. duben 2008, 15:34:56 CEST
Naposledy viděno             St 9. duben 2008, 15:34:56 CEST
Místní ID                   3f811a15-7a1f-43cb-80e5-f9e8cc2dac8a
Čísla řádků              

Původní zprávy auditu      

host=hubmaier.ceplovi.cz type=AVC msg=audit(1207748096.908:768): avc:  denied  {
getattr } for  pid=17447 comm="rsyslogd"
path="/boot/System.map-2.6.25-0.201.rc8.git4.fc9.x86_64" dev=sda1 ino=18
scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:boot_t:s0
tclass=file

host=hubmaier.ceplovi.cz type=SYSCALL msg=audit(1207748096.908:768):
arch=c000003e syscall=5 success=yes exit=0 a0=9 a1=7fffddf35310 a2=7fffddf35310
a3=7f7bd5f176f0 items=0 ppid=17446 pid=17447 auid=4294967295 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rsyslogd"
exe="/sbin/rsyslogd" subj=system_u:system_r:syslogd_t:s0 key=(null)


==============================================================================


Souhrn:

SELinux is preventing rsyslogd (syslogd_t) "read" to
./System.map-2.6.25-0.201.rc8.git4.fc9.x86_64 (boot_t).

Podrobný popis:

[SELinux je v uvolněném režimu, operace by byla odmítnuta, ale byla povolena
kvůli uvolněnému režimu.]

SELinux denied access requested by rsyslogd. It is not expected that this access
is required by rsyslogd and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Povolení přístupu:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for
./System.map-2.6.25-0.201.rc8.git4.fc9.x86_64,

restorecon -v './System.map-2.6.25-0.201.rc8.git4.fc9.x86_64'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Další informace:

Kontext zdroje                system_u:system_r:syslogd_t
Kontext cíle                 system_u:object_r:boot_t
Objekty cíle                 ./System.map-2.6.25-0.201.rc8.git4.fc9.x86_64 [
                              file ]
Zdroj                         rsyslogd
Cesta zdroje                  /sbin/rsyslogd
Port                          <Neznámé>
Počítač                    hubmaier.ceplovi.cz
RPM balíčky zdroje          rsyslog-3.14.1-1.fc9
RPM balíčky cíle           
RPM politiky                  selinux-policy-3.3.1-28.fc9
Selinux povolen               True
Typ politiky                  targeted
MLS povoleno                  True
Vynucovací režim            Permissive
Název zásuvného modulu     catchall_file
Název počítače            hubmaier.ceplovi.cz
Platforma                     Linux hubmaier.ceplovi.cz
                              2.6.25-0.201.rc8.git4.fc9.x86_64 #1 SMP Sun Apr 6
                              21:39:00 EDT 2008 x86_64 x86_64
Počet uporoznění           1
Poprvé viděno               St 9. duben 2008, 15:34:56 CEST
Naposledy viděno             St 9. duben 2008, 15:34:56 CEST
Místní ID                   8d67d649-d98c-43f7-92e6-9cb4f74b9897
Čísla řádků              

Původní zprávy auditu      

host=hubmaier.ceplovi.cz type=AVC msg=audit(1207748096.907:767): avc:  denied  {
read } for  pid=17447 comm="rsyslogd"
name="System.map-2.6.25-0.201.rc8.git4.fc9.x86_64" dev=sda1 ino=18
scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:boot_t:s0
tclass=file

host=hubmaier.ceplovi.cz type=SYSCALL msg=audit(1207748096.907:767):
arch=c000003e syscall=2 success=yes exit=8 a0=c49900 a1=0 a2=1b6 a3=7f7bd5f176f0
items=0 ppid=17446 pid=17447 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rsyslogd"
exe="/sbin/rsyslogd" subj=system_u:system_r:syslogd_t:s0 key=(null)

Version-Release number of selected component (if applicable):
rsyslog-3.14.1-2.fc9.x86_64
selinux-policy-targeted-3.3.1-29.fc9.noarch
Comment 1 Daniel Walsh 2008-04-09 10:00:42 EDT
Fixed in selinux-policy-targeted-3.3.1-30.fc9.noarch

Note You need to log in before you can comment on or make changes to this bug.