Summary:

SELinux is preventing munin-cron (munin_t) "read" to inotify (inotifyfs_t).

Detailed Description:

SELinux denied access requested by munin-cron. It is not expected that this access is required by munin-cron and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for inotify,

    restorecon -v 'inotify'

If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information:

    Source Context        system_u:system_r:munin_t:s0-s0:c0.c1023
    Target Context        system_u:object_r:inotifyfs_t:s0
    Target Objects        inotify [ dir ]
    Source                munin-cron
    Source Path           /bin/bash
    Port                  <Unknown>
    Host                  DMMLAPTOP
    Source RPM Packages   bash-3.2-29.fc10
    Target RPM Packages
    Policy RPM            selinux-policy-3.5.13-18.fc10
    Selinux Enabled       True
    Policy Type           targeted
    MLS Enabled           True
    Enforcing Mode        Enforcing
    Plugin Name           catchall_file
    Host Name             DMMLAPTOP
    Platform              Linux DMMLAPTOP 2.6.27.5-117.fc10.x86_64 #1 SMP Tue Nov 18 11:58:53 EST 2008 x86_64 x86_64
    Alert Count           3
    First Seen            Thu 27 Nov 2008 11:05:01 PM MST
    Last Seen             Thu 27 Nov 2008 11:15:01 PM MST
    Local ID              41f1ab1a-24cb-4aa0-a503-7dbe1d615045
    Line Numbers

Raw Audit Messages

    node=DMMLAPTOP type=AVC msg=audit(1227852901.975:324): avc: denied { read } for pid=5477 comm="munin-cron" path="inotify" dev=inotifyfs ino=1 scontext=system_u:system_r:munin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

    node=DMMLAPTOP type=SYSCALL msg=audit(1227852901.975:324): arch=c000003e syscall=59 success=yes exit=0 a0=226b3d0 a1=226e3c0 a2=226d190 a3=33f836da70 items=0 ppid=5475 pid=5477 auid=489 uid=489 gid=479 euid=489 suid=489 fsuid=489 egid=479 sgid=479 fsgid=479 tty=(none) ses=47 comm="munin-cron" exe="/bin/bash" subj=system_u:system_r:munin_t:s0-s0:c0.c1023 key=(null)
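The AVC record in the report above carries everything needed to see exactly which access a local policy module would grant. The following is an added example, not part of the bug report or of any SELinux tool: it parses that record and derives the corresponding type-enforcement rule so it can be reviewed before anything is loaded. The function names (`parse_avc`, `context_type`, `te_rule`) are hypothetical.

```python
import re

# Raw AVC record copied from the report above.
AVC_LINE = (
    'node=DMMLAPTOP type=AVC msg=audit(1227852901.975:324): avc: denied { read } '
    'for pid=5477 comm="munin-cron" path="inotify" dev=inotifyfs ino=1 '
    'scontext=system_u:system_r:munin_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir'
)

# "avc: denied { perm ... } for key=value ..." is the layout seen in the report.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def context_type(context):
    """Return the type field (third component) of user:role:type[:level]."""
    parts = context.split(':')
    if len(parts) < 3:
        raise ValueError('not an SELinux context: %r' % context)
    return parts[2]


def parse_avc(line):
    """Parse one AVC denial; return None for non-AVC lines such as SYSCALL."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    fields['perms'] = m.group('perms').split()
    return fields


def te_rule(avc):
    """Build the allow rule that would permit exactly this denied access."""
    perms = avc['perms']
    perm_text = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow %s %s:%s %s;' % (
        context_type(avc['scontext']), context_type(avc['tcontext']),
        avc['tclass'], perm_text)


if __name__ == '__main__':
    record = parse_avc(AVC_LINE)
    print(record['comm'], '->', te_rule(record))
```

The MLS range (`s0-s0:c0.c1023`) is deliberately ignored, since the rule is written between types only.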
Very odd. munin shouldn't use inotify at all in its cron job. Can you add the output of:

1. rpm -V munin
2. df -h
3. /var/log/munin/munin-update.log

Thanks.
$rpm -V minun
(nothing)

$df -h
Filesystem                        Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00   108G   18G   85G  18% /
/dev/sdb1                         190M   24M  157M  14% /boot
tmpfs                             974M  516K  974M   1% /dev/shm
/dev/sda1                         104G   51G   53G  50% /media/OS

munin-update.log (latest entry)
Dec 01 18:25:02 - Starting munin-update
Dec 01 18:25:02 [4017] - Processing domain: localhost
Dec 01 18:25:02 [4017] - Processing node: localhost
Dec 01 18:25:02 [4018] - Could not connect to localhost(127.0.0.1): Connection refused - Attempting to use old configuration
Dec 01 18:25:02 [4017] - Processed node: localhost (0.00 sec)
Dec 01 18:25:02 [4017] - Processed domain: localhost (0.00 sec)
Dec 01 18:25:02 [4017] - connection from localhost -> localhost (4018)
Dec 01 18:25:02 [4017] - connection from localhost -> localhost (4018) closed
Dec 01 18:25:02 [4017] - Munin-update finished (0.10 sec)

Hope it helps
Do you have munin-node installed and configured (port 4018, it looks like)? Adding dwalsh here to CC.

Dan: I don't understand what this reject is saying. Where does inotifyfs come into play here?
Munin is listing the contents of the inotify directory. I wonder if some libraries are causing this. I have added this to the policy in selinux-policy-3.5.13-30.fc10.
Did not have munin-node installed, but it is now. Still getting SELinux pop-ups exactly every five minutes.
Dennis: Can you try upgrading to the selinux-policy-3.5.13-30.fc10 that was mentioned in comment #4? Either wait for it to be released as an update, or you can get it directly from the build system at: http://koji.fedoraproject.org/koji/buildinfo?buildID=73064
I released it today.
I updated SELinux and I am still experiencing the same problem.
rpm -q selinux-policy-targeted
rpm -q selinux-policy-targeted shows: selinux-policy-targeted-3.5.13-30.fc10.noarch
Please update to selinux-policy-3.5.13-34.fc10

yum update selinux-policy-targeted
OK, the problem seems to have gone away. Thanks a lot, guys.