Summary: SELinux is preventing /usr/sbin/logrotate "getattr" access on /var/log/wtmp. Detailed Description: SELinux denied access requested by logrotate. It is not expected that this access is required by logrotate and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:logrotate_t:s0-s0:c0.c1023 Target Context system_u:object_r:var_t:s0 Target Objects /var/log/wtmp [ file ] Source logrotate Source Path /usr/sbin/logrotate Port <Unknown> Host (removed) Source RPM Packages logrotate-3.7.8-8.fc13 Target RPM Packages initscripts-9.12-1.fc13 Policy RPM selinux-policy-3.7.19-15.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.33.4-95.fc13.x86_64 #1 SMP Thu May 13 05:16:23 UTC 2010 x86_64 x86_64 Alert Count 2 First Seen Sun 23 May 2010 01:16:02 PM CEST Last Seen Sun 23 May 2010 01:16:02 PM CEST Local ID 8c62f8ad-06e7-41ba-a75f-694be0a2fe44 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1274613362.483:21648): avc: denied { getattr } for pid=2826 comm="logrotate" path="/var/log/wtmp" dev=sda1 ino=366386 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1274613362.483:21648): arch=c000003e syscall=4 success=no exit=-13 a0=1a73650 a1=7fffaa18ae70 a2=7fffaa18ae70 a3=9 items=0 ppid=2824 pid=2826 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null) Hash String generated from catchall,logrotate,logrotate_t,var_t,file,getattr audit2allow suggests: #============= logrotate_t ============== allow logrotate_t var_t:file getattr;
*** This bug has been marked as a duplicate of bug 595100 ***