Description of problem:
Every morning there is a SELinux warning about logrotate and named.

Version-Release number of selected component (if applicable):
bind-9.5.1-2.P2.fc10.x86_64
logrotate-3.7.7-1.fc10.x86_64
selinux-policy-targeted-3.5.13-53.fc10.noarch
selinux-policy-3.5.13-53.fc10.noarch

How reproducible:
Always

Steps to Reproduce:
1. Wait.
2.
3.

Actual results:

Summary:

SELinux is preventing logrotate (logrotate_t) "getattr" to /var/named/data/named.run (named_cache_t).

Detailed Description:

SELinux denied access requested by logrotate. It is not expected that this access is required by logrotate and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /var/named/data/named.run,

restorecon -v '/var/named/data/named.run'

If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385). Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information:

Source Context                system_u:system_r:logrotate_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:named_cache_t:s0
Target Objects                /var/named/data/named.run [ file ]
Source                        logrotate
Source Path                   /usr/sbin/logrotate
Port                          <Unknown>
Host                          xxx
Source RPM Packages           logrotate-3.7.7-1.fc10
Target RPM Packages
Policy RPM                    selinux-policy-3.5.13-53.fc10
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     xxx
Platform                      Linux xxx 2.6.27.19-170.2.35.fc10.x86_64 #1 SMP Mon Feb 23 13:00:23 EST 2009 x86_64 x86_64
Alert Count                   12
First Seen                    Fri 27 Mar 2009 04:38:30 GMT
Last Seen                     Wed 01 Apr 2009 04:38:55 BST
Local ID                      yyy
Line Numbers

Raw Audit Messages

node=xxx type=AVC msg=audit(1238557135.172:2496): avc: denied { getattr } for pid=22282 comm="logrotate" path="/var/named/data/named.run" dev=dm-6 ino=2359305 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:named_cache_t:s0 tclass=file

node=xxx type=SYSCALL msg=audit(1238557135.172:2496): arch=c000003e syscall=4 success=no exit=-13 a0=21477c0 a1=7fff292d2670 a2=7fff292d2670 a3=14 items=0 ppid=22280 pid=22282 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=29 comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)

Expected results:
No SELinux warning

Additional info:
Neither `restorecon -v '/var/named/data/named.run'` nor a reboot fixes this.
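The "generate a local policy module" route that the alert points to is normally done with audit2allow. The following is an added example, not part of the bug report and not setroubleshoot's or Fedora's code, that does the same parsing step in plain Python so an administrator can read off exactly which source type, target type, object class and permission the raw AVC record is asking for before deciding whether to relabel, wait for the corrected policy, or load a local module. The module name local_logrotate_named and all function names are my own; the two audit lines embedded are the ones from the Raw Audit Messages above.

```python
"""Turn raw SELinux AVC denial records into the minimal Type Enforcement
rule each one asks for, in the .te layout audit2allow produces.
Added example for this bug report; `local_logrotate_named` is a placeholder
module name, not anything shipped by Fedora."""
import re
from typing import Dict, List, Optional

# "avc:  denied  { getattr } for pid=... comm=... scontext=... tcontext=... tclass=file"
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
# key=value pairs after "for"; values may be double-quoted (comm="logrotate")
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


class AvcDenial:
    """One denied access: the permissions plus the record's key=value fields."""

    def __init__(self, perms: List[str], fields: Dict[str, str]) -> None:
        self.perms = perms
        self.fields = fields
        self.scontext = fields["scontext"]
        self.tcontext = fields["tcontext"]
        self.tclass = fields["tclass"]

    @staticmethod
    def _type_of(context: str) -> str:
        # A context is user:role:type[:range]; the type is what policy rules use.
        return context.split(":")[2]

    @property
    def source_type(self) -> str:
        return self._type_of(self.scontext)

    @property
    def target_type(self) -> str:
        return self._type_of(self.tcontext)

    def allow_rule(self) -> str:
        # TE syntax: allow <source_type> <target_type>:<class> { perms };
        return f"allow {self.source_type} {self.target_type}:{self.tclass} {{ {' '.join(self.perms)} }};"


def parse_avc(line: str) -> Optional[AvcDenial]:
    """Return an AvcDenial for a type=AVC 'denied' record; None for anything
    else (SYSCALL records, granted AVCs, unrelated log lines)."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    perms = m.group("perms").split()
    fields: Dict[str, str] = {}
    for key, value in FIELD_RE.findall(m.group("fields")):
        fields[key] = value[1:-1] if value.startswith('"') else value
    if not all(k in fields for k in ("scontext", "tcontext", "tclass")):
        return None
    return AvcDenial(perms, fields)


def triage(lines: List[str]) -> List[AvcDenial]:
    """Keep only the lines that are actual denials."""
    return [d for d in (parse_avc(line) for line in lines) if d is not None]


def policy_module(name: str, denials: List[AvcDenial]) -> str:
    """Render .te source: one require block listing every type and class
    referenced, then one allow rule per distinct denial."""
    types = sorted({t for d in denials for t in (d.source_type, d.target_type)})
    classes: Dict[str, set] = {}
    for d in denials:
        classes.setdefault(d.tclass, set()).update(d.perms)
    out = [f"module {name} 1.0;", "", "require {"]
    out += [f"\ttype {t};" for t in types]
    out += [f"\tclass {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(classes.items())]
    out += ["}", ""]
    out += sorted({d.allow_rule() for d in denials})
    return "\n".join(out) + "\n"


# The two records quoted in the report above (whitespace as the page shows it).
RAW_AUDIT = [
    'node=xxx type=AVC msg=audit(1238557135.172:2496): avc: denied { getattr } for pid=22282 '
    'comm="logrotate" path="/var/named/data/named.run" dev=dm-6 ino=2359305 '
    'scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:object_r:named_cache_t:s0 tclass=file',
    'node=xxx type=SYSCALL msg=audit(1238557135.172:2496): arch=c000003e syscall=4 success=no '
    'exit=-13 ppid=22280 pid=22282 comm="logrotate" exe="/usr/sbin/logrotate" '
    'subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)',
]

if __name__ == "__main__":
    print(policy_module("local_logrotate_named", triage(RAW_AUDIT)), end="")
```

Run stand-alone it prints the .te text that checkmodule and semodule_package would turn into a loadable module. The reporter's observation that restorecon changed nothing is the useful diagnostic: the file already carried the context the file-context database expects, so the denial is a gap in the shipped policy rather than a mislabel, and the single rule this prints (logrotate_t, getattr, named_cache_t:file) is exactly the access a policy update has to grant. Reading the rule before loading anything also guards against the common mistake of allowing far more than the one permission the audit record shows.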
Hello, users already reported this and a new selinux policy is on its way to the repositories.

*** This bug has been marked as a duplicate of bug 492848 ***