Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 593393

Summary: perl-Razor-Agent-2.84-1.el5.src.rpm SElinux denials on log file
Product: Red Hat Enterprise Linux 5 Reporter: R P Herrold <herrold>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED NOTABUG QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: low    
Version: 5.5CC: dwalsh, perl-devel, redhat-bugzilla
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-05-19 12:02:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description R P Herrold 2010-05-18 17:38:08 UTC 
Description of problem:

SElinux denials on log file

Version-Release number of selected component (if applicable):

perl-Razor-Agent-2.84-1.el5

How reproducible:

build, install run

Steps to Reproduce:

type=1107 audit(1273870143.957:3): user pid=1935 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  received policyload notice (seqno=2)
: exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=1403 audit(1273870143.961:4): policy loaded auid=4294967295 ses=4294967295
type=1400 audit(1274203962.780:5): avc:  denied  { ioctl } for  pid=9820 comm="spamd" path="/razor-agent.log" dev=sda2 ino=14 scontext=user_u:system_r:spamd_t:s0 tcontext=user_u:object_r:root_t:s0 tclass=file
type=1400 audit(1274203962.781:6): avc:  denied  { append } for  pid=9820 comm="spamd" path="/razor-agent.log" dev=sda2 ino=14 scontext=user_u:system_r:spamd_t:s0 tcontext=user_u:object_r:root_t:s0 tclass=file
Comment 1 Robert Scheck 2010-05-18 19:33:57 UTC 
Re-assigning to selinux-policy-targeted. Daniel, can you take care, please?
Comment 2 Daniel Walsh 2010-05-19 12:02:13 UTC 
Why is razor writing its log file in /?

If you move the log file to /var/log/ and run restorecon on it, this AVC will go away.

If you must have the log file in /, then you need to setup the correct labeling.

# semanage fcontext -a -t razor_log_t /razor-agent.log
# restorecon -v /razor-agent.log