Summary:

SELinux is preventing /bin/bash "write" access on /var/log/prelink.

Detailed Description:

[prelink has a permissive type (prelink_cron_system_t). This access was not denied.]

SELinux denied access requested by prelink. It is not expected that this access is required by prelink and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023
Target Context                system_u:object_r:prelink_log_t:s0
Target Objects                /var/log/prelink [ dir ]
Source                        prelink
Source Path                   /bin/bash
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           bash-4.0.33-1.fc12
Target RPM Packages           prelink-0.4.2-4.fc12
Policy RPM                    selinux-policy-3.6.32-49.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.31.6-145.fc12.i686 #1 SMP Sat Nov 21 16:28:23 EST 2009 i686 i686
Alert Count                   3
First Seen                    Wed 02 Dec 2009 11:28:19 CET
Last Seen                     Wed 02 Dec 2009 11:28:19 CET
Local ID                      2a4e2a62-ac51-44c5-ba44-1fb0a7443d1f
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1259749699.897:26640): avc: denied { write } for pid=4335 comm="prelink" name="prelink" dev=dm-0 ino=20262 scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:prelink_log_t:s0 tclass=dir

node=(removed) type=AVC msg=audit(1259749699.897:26640): avc: denied { add_name } for pid=4335 comm="prelink" name="prelink.log" scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:prelink_log_t:s0 tclass=dir

node=(removed) type=AVC msg=audit(1259749699.897:26640): avc: denied { create } for pid=4335 comm="prelink" name="prelink.log" scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:prelink_log_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1259749699.897:26640): arch=40000003 syscall=5 success=yes exit=4 a0=8f253f0 a1=8241 a2=1b6 a3=241 items=0 ppid=2587 pid=4335 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="prelink" exe="/bin/bash" subj=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 key=(null)

Hash String generated from selinux-policy-3.6.32-49.fc12,catchall,prelink,prelink_cron_system_t,prelink_log_t,dir,write

audit2allow suggests:

#============= prelink_cron_system_t ==============
allow prelink_cron_system_t prelink_log_t:dir { write add_name };
allow prelink_cron_system_t prelink_log_t:file create;
You can add these rules for now using

# grep avc /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Fixed in selinux-policy-3.6.32-53.fc12.noarch
selinux-policy-3.6.32-55.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-55.fc12
selinux-policy-3.6.32-55.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-12650
selinux-policy-3.6.32-55.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
I'm having a similar problem involving bash and prelink, only this time the unwritable file is /var/lib/misc/prelink.quick.

node=localhost.localdomain type=AVC msg=audit(1260227522.816:42): avc: denied { write } for pid=16275 comm="prelink" name="prelink.quick" dev=dm-0 ino=60667 scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cron_var_lib_t:s0 tclass=file

node=localhost.localdomain type=AVC msg=audit(1260227522.816:42): avc: denied { open } for pid=16275 comm="prelink" name="prelink.quick" dev=dm-0 ino=60667 scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cron_var_lib_t:s0 tclass=file

node=localhost.localdomain type=SYSCALL msg=audit(1260227522.816:42): arch=c000003e syscall=2 success=yes exit=128 a0=16628e0 a1=241 a2=1b6 a3=0 items=0 ppid=16265 pid=16275 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="prelink" exe="/bin/bash" subj=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 key=(null)

I already have selinux-policy-3.6.32-55.fc12.noarch installed. Should I apply the same workaround suggested on comment #1? Or should I file a separate bug report?
restorecon -R -v /var/lib

Should fix. Make sure you have selinux-policy-targeted-3.6.32-55.fc12 installed also.
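
Added example (not part of the original report or of audit2allow itself): a small Python sketch of how allow rules follow from the AVC records quoted in this thread, useful for reviewing what a module built from "grep avc ... | audit2allow -M mypol" would grant before loading it. The function names and the last sample record (httpd_t) are constructed for illustration.

```python
import re
from collections import defaultdict

# AVC records quoted in this thread (node= prefix dropped), followed by
# one CONSTRUCTED unrelated record to show what "grep avc" also sweeps in.
SAMPLE_LOG = """\
type=AVC msg=audit(1259749699.897:26640): avc: denied { write } for pid=4335 comm="prelink" name="prelink" dev=dm-0 ino=20262 scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:prelink_log_t:s0 tclass=dir
type=AVC msg=audit(1259749699.897:26640): avc: denied { add_name } for pid=4335 comm="prelink" name="prelink.log" scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:prelink_log_t:s0 tclass=dir
type=AVC msg=audit(1259749699.897:26640): avc: denied { create } for pid=4335 comm="prelink" name="prelink.log" scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:prelink_log_t:s0 tclass=file
type=AVC msg=audit(1260227522.816:42): avc: denied { write } for pid=16275 comm="prelink" name="prelink.quick" dev=dm-0 ino=60667 scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cron_var_lib_t:s0 tclass=file
type=AVC msg=audit(1260227522.816:42): avc: denied { open } for pid=16275 comm="prelink" name="prelink.quick" dev=dm-0 ino=60667 scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cron_var_lib_t:s0 tclass=file
type=AVC msg=audit(1259749700.000:1): avc: denied { read } for pid=1 comm="example" name="example" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<c>\S+)')

def selinux_type(context):
    # A context is user:role:type[:mls-range]; the type is the third field.
    return context.split(":")[2]

def collect_denials(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:
            key = (selinux_type(m["s"]), selinux_type(m["t"]), m["c"])
            denials[key].update(m["perms"].split())
    return dict(denials)

def allow_rules(denials, source_type=None):
    """Render allow rules, optionally limited to one source domain."""
    rules = []
    for (src, tgt, cls), perms in sorted(denials.items()):
        if source_type and src != source_type:
            continue
        names = sorted(perms)
        perm = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm};")
    return rules

if __name__ == "__main__":
    print("\n".join(allow_rules(collect_denials(SAMPLE_LOG))))
```

Run unfiltered, the output includes a rule for every domain with a denial in the log, not only prelink_cron_system_t; passing source_type="prelink_cron_system_t" limits it. The cron_var_lib_t rule it derives corresponds to the denial that the last comment resolves by relabeling with restorecon rather than by adding policy.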