Souhrn: SELinux is preventing /usr/bin/perl "getattr" access on /var/spool/bacula/log. Podrobný popis: SELinux denied access requested by logwatch. It is not expected that this access is required by logwatch and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Povolení přístupu: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report. Další informace: Kontext zdroje system_u:system_r:logwatch_t:s0-s0:c0.c1023 Kontext cíle unconfined_u:object_r:var_spool_t:s0 Objekty cíle /var/spool/bacula/log [ file ] Zdroj logwatch Cesta zdroje /usr/bin/perl Port <Neznámé> Počítač (removed) RPM balíčky zdroje perl-5.10.0-87.fc12 RPM balíčky cíle RPM politiky selinux-policy-3.6.32-69.fc12 Selinux povolen True Typ politiky targeted Vynucovací režim Enforcing Název zásuvného modulu catchall Název počítače (removed) Platforma Linux (removed) 2.6.31.12-174.2.3.fc12.i686.PAE #1 SMP Mon Jan 18 20:06:44 UTC 2010 i686 i686 Počet upozornění 6 Poprvé viděno St 20. leden 2010, 03:08:03 CET Naposledy viděno Pá 22. leden 2010, 03:45:02 CET Místní ID baf62fe3-4689-46ba-8fb3-48502a7b3bd2 Čísla řádků Původní zprávy auditu node=(removed) type=AVC msg=audit(1264128302.979:83): avc: denied { getattr } for pid=6339 comm="logwatch" path="/var/spool/bacula/log" dev=dm-2 ino=2622314 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_spool_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1264128302.979:83): arch=40000003 syscall=195 success=no exit=-13 a0=92d8454 a1=92b40c0 a2=c17ff4 a3=92b4008 items=0 ppid=6333 pid=6339 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="logwatch" exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null) Hash String generated from selinux-policy-3.6.32-69.fc12,catchall,logwatch,logwatch_t,var_spool_t,file,getattr audit2allow suggests: #============= logwatch_t ============== allow logwatch_t var_spool_t:file getattr;
*** This bug has been marked as a duplicate of bug 546965 ***