Description of problem:
I get the following complaints in my selinux logs when I have sysstat installed:

host=huggy.ursus.net type=AVC msg=audit(1210179601.462:1765): avc: denied { read write } for pid=2244 comm="sadc" path="socket:[180862]" dev=sockfs ino=180862 scontext=system_u:system_r:sysstat_t:s0-s0:c0.c1023 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=tcp_socket

host=huggy.ursus.net type=SYSCALL msg=audit(1210179601.462:1765): arch=c000003e syscall=59 success=yes exit=0 a0=28018d0 a1=2800d90 a2=2802bb0 a3=8 items=0 ppid=2240 pid=2244 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=285 comm="sadc" exe="/usr/lib64/sa/sadc" subj=system_u:system_r:sysstat_t:s0-s0:c0.c1023 key=(null)

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.3.1-42.fc9.noarch
sysstat-8.0.4-3.fc9.x86_64

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
I don't know if it's important for sysstat to have access to cron, but if it is this appears to be a workaround:

gen_require(`
	type sysstat_t;
	type crond_t;
')

cron_rw_tcp_sockets(sysstat_t)
This is probably a pam module leaking an open file descriptor. How do you authorize users on your machine?
My system uses ldap/nss_ldap to authorize.
That is what I figured...

*** This bug has been marked as a duplicate of 445584 ***
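A triage check for the pattern discussed in this thread, added here as an example and not part of the bug report or of any SELinux tooling: it pairs each AVC record with the SYSCALL record sharing its event id and flags denials on a socket labelled with another domain that are logged during execve, which is how an inherited (leaked) descriptor shows up in the audit log. The function names and the heuristic are assumptions of this example; the sample input is the two records from the report.

```python
import re
from collections import defaultdict

# The two audit records from the report above, copied verbatim.
SAMPLE = '''\
host=huggy.ursus.net type=AVC msg=audit(1210179601.462:1765): avc: denied { read write } for pid=2244 comm="sadc" path="socket:[180862]" dev=sockfs ino=180862 scontext=system_u:system_r:sysstat_t:s0-s0:c0.c1023 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=tcp_socket
host=huggy.ursus.net type=SYSCALL msg=audit(1210179601.462:1765): arch=c000003e syscall=59 success=yes exit=0 a0=28018d0 a1=2800d90 a2=2802bb0 a3=8 items=0 ppid=2240 pid=2244 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=285 comm="sadc" exe="/usr/lib64/sa/sadc" subj=system_u:system_r:sysstat_t:s0-s0:c0.c1023 key=(null)
'''

EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"\{ ([^}]*) \}")
# (arch, syscall number) pairs that mean execve: x86_64 and i386.
EXECVE = {("c000003e", "59"), ("40000003", "11")}


def parse(line):
    """Split one audit record into key=value fields plus the AVC permission list."""
    rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
    perms = PERMS.search(line)
    rec["perms"] = perms.group(1).split() if perms else []
    return rec


def find_inherited_sockets(log_text):
    """Return denials on sockets that a new domain inherited across execve."""
    events = defaultdict(lambda: {"avc": [], "syscall": None})
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        rec = parse(line)
        if rec.get("type") == "AVC":
            events[m.group(1)]["avc"].append(rec)
        elif rec.get("type") == "SYSCALL":
            events[m.group(1)]["syscall"] = rec
    hits = []
    for event_id, ev in events.items():
        sc = ev["syscall"]
        if not sc or (sc.get("arch"), sc.get("syscall")) not in EXECVE:
            continue  # denial did not happen while a new program was being exec'd
        for avc in ev["avc"]:
            new_dom = avc.get("scontext", "::").split(":")[2]
            owner = avc.get("tcontext", "::").split(":")[2]
            # A socket carries its creator's label, so a foreign label means inheritance.
            if avc.get("path", "").startswith("socket:[") and owner != new_dom:
                hits.append({"event": event_id, "exe": sc.get("exe"), "perms": avc["perms"],
                             "new_domain": new_dom, "socket_owner": owner, "tclass": avc.get("tclass")})
    return hits
```

A hit names the domain that opened the socket (`socket_owner`), which is where to look for the descriptor that was left open across exec, rather than granting the new domain access to it.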