Bug 461624 - auditd service won't start because of "Unable to open /sbin/audispd (Permission denied)"
auditd service won't start because of "Unable to open /sbin/audispd (Permissi...
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy (Show other bugs)
5.3
All Linux
medium Severity high
: beta
: ---
Assigned To: Daniel Walsh
: Regression
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-09-09 11:24 EDT by Jay Turner
Modified: 2015-01-07 19:16 EST (History)
4 users (show)

See Also:
Fixed In Version: 2.4.6-157.el5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-09-23 08:18:48 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jay Turner 2008-09-09 11:24:23 EDT
Description of problem:
I'm not able to start the auditd service because of:

Sep  9 11:12:41 haring kernel: type=1400 audit(1220973161.087:70): avc:  denied  { read } for  pid=4184 comm="auditd" name="audispd" dev=dm-0 ino=620352 scontext=user_u:system_r:auditd_t:s0 tcontext=system_u:object_r:audisp_exec_t:s0 tclass=file
Sep  9 11:12:41 haring auditd: Unable to open /sbin/audispd (Permission denied)

Version-Release number of selected component (if applicable):
# rpm -q audit kernel selinux-policy-targeted
audit-1.6.5-9.el5
kernel-2.6.18-109.el5
selinux-policy-targeted-2.4.6-152.el5

How reproducible:
Always

Steps to Reproduce:
1. 'service auditd start'
2.
3.
  
Actual results:
syslog:
Sep  9 11:12:41 haring kernel: type=1400 audit(1220973161.087:70): avc:  denied  { read } for  pid=4184 comm="auditd" name="audispd" dev=dm-0 ino=620352 scontext=user_u:system_r:auditd_t:s0 tcontext=system_u:object_r:audisp_exec_t:s0 tclass=file
Sep  9 11:12:41 haring auditd: Unable to open /sbin/audispd (Permission denied)
Sep  9 11:12:41 haring auditd: The audit daemon is exiting.


Expected results:


Additional info:
Comment 2 Steve Grubb 2008-09-11 11:33:17 EDT
This looks like a policy bug. transferring to selinux-policy.
Comment 3 Daniel Walsh 2008-09-11 13:41:56 EDT
Fixed in /selinux-policy-2.4.6-155.el5
Comment 4 Jay Turner 2008-09-11 20:13:09 EDT
-155.el5 build failed
Comment 5 Jay Turner 2008-09-16 09:22:35 EDT
Moving back to assigned so the bug doesn't fall off the radar.
Comment 6 Jay Turner 2008-09-16 14:21:03 EDT
Fix confirmed with -157.el5.  Will close out once that package appears in a 5.3-candidate compose.
Comment 7 Jay Turner 2008-09-23 08:18:48 EDT
2.4.6-158.el5 included in beta-candidate trees (20080919.1 for Server and 20080919.2 for Client)

Note You need to log in before you can comment on or make changes to this bug.