Bug 447816 - avc: denied { getattr } for comm="logrotate" path="/var/log/rpmpkgs"
Summary: avc: denied { getattr } for comm="logrotate" path="/var/log/rpmpkgs"
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: Fedora
Classification: Fedora
Component: rpm
Version: 10
Hardware: All
OS: Linux
Priority: low
Severity: medium
Target Milestone: ---
Assignee: Panu Matilainen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2008-05-21 22:11 UTC by Robert Scheck
Modified: 2008-12-18 19:06 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-12-18 19:06:10 UTC


Description Robert Scheck 2008-05-21 22:11:56 UTC
Description of problem:
Interestingly, I'm seeing the following since selinux-policy-targeted-3.3.1-51, 
as far as I can remember.

type=AVC msg=audit(1211166611.444:2946): avc:  denied  { getattr } for  
pid=15432 comm="logrotate" path="/var/log/rpmpkgs" dev=cciss/c0d0p2 ino=16 
scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:root_t:s0 tclass=file
type=SYSCALL msg=audit(1211166611.444:2946): arch=40000003 syscall=196 
success=yes exit=0 a0=82bed98 a1=bfc4b15c a2=2b8ff4 a3=82bf2e0 items=0 
ppid=15430 pid=15432 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
fsgid=0 tty=(none) ses=496 comm="logrotate" exe="/usr/sbin/logrotate" 
subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1211166611.446:2947): avc:  denied  { getattr } for  
pid=15432 comm="logrotate" path="/var/log/rpmpkgs" dev=cciss/c0d0p2 ino=16 
scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:root_t:s0 tclass=file
type=SYSCALL msg=audit(1211166611.446:2947): arch=40000003 syscall=195 
success=yes exit=0 a0=82bedb0 a1=bfc4bb40 a2=2b8ff4 a3=bfc4bb40 items=0 
ppid=15430 pid=15432 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
fsgid=0 tty=(none) ses=496 comm="logrotate" exe="/usr/sbin/logrotate" 
subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.3.1-51

How reproducible:
Just execute /etc/cron.daily/rpm or wait until it is executed. Problem is IMHO 
the "/bin/mv "$tmpfile" /var/log/rpmpkgs". Either cat'ing the temporary file to 
there or conditional use of restorecon in the script, I would say.

Actual results:
AVC denied.

Expected results:
No AVC denied.

Comment 1 John Poelstra 2008-10-15 22:44:47 UTC
This bug has been triaged

I can't reproduce this with selinux-policy-targeted-3.5.10-3.fc10.noarch

Are you still seeing it?

Comment 2 Bug Zapper 2008-11-26 02:19:09 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 3 Panu Matilainen 2008-12-18 19:06:10 UTC
There *was* a problem with the temp file being generated to /tmp and then moved to place. The temporary output file has been generated directly into /var/log to ensure correct context since late 2007 however...
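
Added example, not part of the bug thread and not the Fedora rpm cron script: a sketch of the pattern Comment 3 describes, with the conditional restorecon suggested in the description as a fallback. The helper name write_report and the restorecon step are assumptions made for illustration.

```shell
#!/bin/sh
# Illustrative helper (hypothetical name): read a report on stdin and install
# it at "$1" without carrying a foreign SELinux label along with it.
write_report() {
    dest=$1
    dir=$(dirname "$dest")
    base=$(basename "$dest")

    # Create the temporary file beside the destination. A new file takes its
    # label from the parent directory (or a policy type transition), whereas
    # mv keeps whatever label the file got where it was created, e.g. in /tmp.
    tmp=$(mktemp "$dir/.$base.XXXXXX") || return 1

    if ! cat > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    chmod 0644 "$tmp"

    # Rename within the same directory: atomic replacement, label unchanged.
    if ! mv -f "$tmp" "$dest"; then
        rm -f "$tmp"
        return 1
    fi

    # Conditional restorecon: only on hosts where SELinux is present and
    # enabled, reset the label to the policy default for this path.
    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
        restorecon "$dest" || echo "warning: restorecon failed for $dest" >&2
    fi
    return 0
}

# Usage (constructed): some_command | write_report /var/log/report.txt
```

On an SELinux host, `ls -Z` on the destination before and after shows whether the label matches that of the other files in the directory.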

