Summary: SELinux is preventing 0logwatch (logwatch_t) "getattr" var_spool_t. Detailed Description: SELinux denied access requested by 0logwatch. It is not expected that this access is required by 0logwatch and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:logwatch_t:s0-s0:c0.c1023 Target Context unconfined_u:object_r:var_spool_t:s0 Target Objects /var/spool/bacula/log [ file ] Source 0logwatch Source Path /usr/bin/perl Port <Unknown> Host (removed) Source RPM Packages perl-5.10.0-82.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.12-86.fc11 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.30.9-96.fc11.i686.PAE #1 SMP Tue Nov 3 23:41:33 EST 2009 i686 i686 Alert Count 24 First Seen Thu 05 Nov 2009 10:48:03 AM CET Last Seen Fri 20 Nov 2009 09:49:02 AM CET Local ID fd9ad61d-f32e-494e-9119-fa7358c504bd Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1258706942.201:127): avc: denied { getattr } for pid=5177 comm="0logwatch" path="/var/spool/bacula/log" dev=dm-1 ino=948250 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_spool_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1258706942.201:127): arch=40000003 syscall=195 success=no exit=-13 a0=900149c a1=8fdd0c0 a2=b39ff4 a3=8fdd008 items=0 ppid=5166 pid=5177 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=7 comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null) Hash String generated from selinux-policy-3.6.12-86.fc11,catchall,0logwatch,logwatch_t,var_spool_t,file,getattr audit2allow suggests: #============= logwatch_t ============== allow logwatch_t var_spool_t:file getattr;
*** This bug has been marked as a duplicate of bug 538428 ***