Running RHEL5.3 circa about Dec 10. Got this selinux issue.

Detailed Description

SELinux is preventing perl (logwatch_t) "write" to ./dmeventd_syslogpattern.txt (etc_t). The SELinux type etc_t, is a generic type for all files in the directory and very few processes (SELinux Domains) are allowed to write to this SELinux type. This type of denial usual indicates a mislabeled file. By default a file created in a directory has the gets the context of the parent directory, but SELinux policy has rules about the creation of directories, that say if a process running in one SELinux Domain (D1) creates a file in a directory with a particular SELinux File Context (F1) the file gets a different File Context (F2). The policy usually allows the SELinux Domain (D1) the ability to write, unlink, and append on (F2). But if for some reason a file (./dmeventd_syslogpattern.txt) was created with the wrong context, this domain will be denied. The usual solution to this problem is to reset the file context on the target file, restorecon -v './dmeventd_syslogpattern.txt'. If the file context does not change from etc_t, then this is probably a bug in policy.

Additional Information

Source Context: system_u:system_r:logwatch_t:SystemLow-SystemHigh
Target Context: user_u:object_r:etc_t
Target Objects: ./dmeventd_syslogpattern.txt [ file ]
Source: perl
Source Path: /usr/bin/perl
Port: <Unknown>
Host: dhcp-100-18-29.bos.redhat.com
Source RPM Packages: perl-5.8.8-18.el5
Target RPM Packages:
Policy RPM: selinux-policy-2.4.6-197.el5
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: mislabeled_file
Host Name: dhcp-100-18-29.bos.redhat.com
Platform: Linux dhcp-100-18-29.bos.redhat.com 2.6.18-125.el5 #1 SMP Mon Dec 1 17:38:19 EST 2008 i686 i686
Alert Count: 6
First Seen: Sat 13 Dec 2008 09:55:59 AM EST
Last Seen: Wed 07 Jan 2009 09:03:31 AM EST
Local ID: 6b3256f7-190d-43a6-9d26-621c9d8b2117
Line Numbers:

Raw Audit Messages :

host=dhcp-100-18-29.bos.redhat.com type=AVC msg=audit(1231337011.206:24): avc: denied { write } for pid=4461 comm="perl" name="dmeventd_syslogpattern.txt" dev=dm-1 ino=4259950 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=user_u:object_r:etc_t:s0 tclass=file

host=dhcp-100-18-29.bos.redhat.com type=SYSCALL msg=audit(1231337011.206:24): arch=40000003 syscall=5 success=no exit=-13 a0=972b138 a1=8002 a2=0 a3=8002 items=0 ppid=4458 pid=4461 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="perl" exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null)

*** This bug has been marked as a duplicate of bug 475562 ***