Bug 479131 - SELinux is preventing perl (logwatch_t) "write" to ./dmeventd_syslogpattern.txt (etc_t).
SELinux is preventing perl (logwatch_t) "write" to ./dmeventd_syslogpattern.t...
Status: CLOSED DUPLICATE of bug 475562
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy (Show other bugs)
5.3
All Linux
medium Severity medium
: rc
: ---
Assigned To: Daniel Walsh
BaseOS QE
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-01-07 09:11 EST by Tim Burke
Modified: 2009-06-08 09:19 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-01-07 12:10:52 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Tim Burke 2009-01-07 09:11:08 EST
Running RHEL5.3 circa about Dec 10.  Got this selinux issue.

Detailed DescriptionSELinux is preventing perl (logwatch_t) "write" to ./dmeventd_syslogpattern.txt (etc_t). The SELinux type etc_t, is a generic type for all files in the directory and very few processes (SELinux Domains) are allowed to write to this SELinux type. This type of denial usual indicates a mislabeled file. By default a file created in a directory has the gets the context of the parent directory, but SELinux policy has rules about the creation of directories, that say if a process running in one SELinux Domain (D1) creates a file in a directory with a particular SELinux File Context (F1) the file gets a different File Context (F2). The policy usually allows the SELinux Domain (D1) the ability to write, unlink, and append on (F2). But if for some reason a file (./dmeventd_syslogpattern.txt) was created with the wrong context, this domain will be denied. The usual solution to this problem is to reset the file context on the target file, restorecon -v './dmeventd_syslogpattern.txt'. If the file context does not change from etc_t, then this is probably a bug in policy. 

Additional InformationSource Context:  system_u:system_r:logwatch_t:SystemLow-SystemHighTarget Context:  user_u:object_r:etc_tTarget Objects:  ./dmeventd_syslogpattern.txt [ file ]Source:  perlSource Path:  /usr/bin/perlPort:  <Unknown>Host:  dhcp-100-18-29.bos.redhat.comSource RPM Packages:  perl-5.8.8-18.el5Target RPM Packages:  Policy RPM:  selinux-policy-2.4.6-197.el5Selinux Enabled:  TruePolicy Type:  targetedMLS Enabled:  TrueEnforcing Mode:  EnforcingPlugin Name:  mislabeled_fileHost Name:  dhcp-100-18-29.bos.redhat.comPlatform:  Linux dhcp-100-18-29.bos.redhat.com 2.6.18-125.el5 #1 SMP Mon Dec 1 17:38:19 EST 2008 i686 i686Alert Count:  6

First Seen:  Sat 13 Dec 2008 09:55:59 AM ESTLast Seen:  Wed 07 Jan 2009 09:03:31 AM ESTLocal ID:  6b3256f7-190d-43a6-9d26-621c9d8b2117Line Numbers:  Raw Audit Messages :host=dhcp-100-18-29.bos.redhat.com type=AVC msg=audit(1231337011.206:24): avc: denied { write } for pid=4461 comm="perl" name="dmeventd_syslogpattern.txt" dev=dm-1 ino=4259950 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=user_u:object_r:etc_t:s0 tclass=file host=dhcp-100-18-29.bos.redhat.com type=SYSCALL msg=audit(1231337011.206:24): arch=40000003 syscall=5 success=no exit=-13 a0=972b138 a1=8002 a2=0 a3=8002 items=0 ppid=4458 pid=4461 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="perl" exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null)
Comment 1 Daniel Walsh 2009-01-07 12:10:52 EST

*** This bug has been marked as a duplicate of bug 475562 ***

Note You need to log in before you can comment on or make changes to this bug.