Summary:

SELinux is preventing /usr/bin/perl "read" access on /usr/share/perl5/strict.pm.

Detailed Description:

SELinux denied access requested by logwatch. It is not expected that this access
is required by logwatch and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                system_u:system_r:logwatch_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                /usr/share/perl5/strict.pm [ file ]
Source                        logwatch
Source Path                   /usr/bin/perl
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           perl-5.10.1-114.fc13
Target RPM Packages           perl-5.10.1-114.fc13
Policy RPM                    selinux-policy-3.7.19-37.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.33.6-147.fc13.x86_64 #1 SMP
                              Tue Jul 6 22:32:17 UTC 2010 x86_64 x86_64
Alert Count                   3
First Seen                    Tue 20 Jul 2010 09:39:01 AM CDT
Last Seen                     Tue 20 Jul 2010 09:39:01 AM CDT
Local ID                      a3c72a8a-9b04-4f2a-8e3f-88b347a5ed77
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1279636741.216:280): avc: denied { read } for pid=11290 comm="logwatch" name="strict.pm" dev=sda2 ino=530448 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1279636741.216:280): arch=c000003e syscall=2 success=no exit=-13 a0=16ed870 a1=0 a2=1b6 a3=384f31d820 items=0 ppid=11284 pid=11290 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=23 comm="logwatch" exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null)

Hash String generated from catchall,logwatch,logwatch_t,user_home_t,file,read

audit2allow suggests:

#============= logwatch_t ==============
allow logwatch_t user_home_t:file read;

restorecon -R -v /usr/share/perl5
Any idea how this got mislabeled?
What does the output of
matchpathcon /usr/share/perl5/strict.pm
say?

I installed a bunch of perl packages I don't really need; one or more of those is probably the culprit. Here is the output of your command:
[Donald@Zonotrichia ~]$ matchpathcon /usr/share/perl5/strict.pm
/usr/share/perl5/strict.pm	unconfined_u:object_r:user_home_t:s0
[Donald@Zonotrichia ~]$

> grep /usr/share/perl5 /etc/passwd
> grep /usr/share/perl5 /etc/selinux/targeted/contexts/files/*
These two commands yielded no output.
What does matchpathcon /usr/share/perl5 output?
unconfined_u:object_r:user_home_dir_t:s0
Ok so something is telling perl5 it is a homedir.
getent passwd | grep share

[Donald@Zonotrichia ~]$ getent passwd | grep share
smolt:x:492:481:Smolt:/usr/share/smolt:/sbin/nologin
tomcat:x:91:91:Apache Tomcat:/usr/share/tomcat5:/bin/sh
jetty:x:488:472::/usr/share/jetty:/bin/sh
cacti:x:485:467::/usr/share/cacti:/sbin/nologin
icecast:x:472:453:icecast streaming server:/usr/share/icecast:/sbin/nologin
ajaxterm:x:464:445:Ajaxterm user:/usr/share/ajaxterm:/sbin/nologin
rabbit:x:463:444:rabbit:/usr/share/doc/RabbIT-4.1:/sbin/nologin
dansguardian:x:459:439:DansGuardian web content filter:/usr/share/dansguardian:/sbin/nologin
netdisco:x:502:502::/usr/share/netdisco/:/bin/sh

netdisco:x:502:502::/usr/share/netdisco/:/bin/sh
Is causing the problem. Can you change its shell to /sbin/nologin?
And then run
# genhomedircon
# restorecon -R -v /usr/share

I did that. Hopefully it won't change back now. Thanks for your patience with these issues, Daniel!
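
Added example, not part of the original thread: a shell check for the condition diagnosed above, a passwd entry whose home directory sits under a system tree and that genhomedircon would count as a real user. The UID threshold of 500, the shell test (anything not ending in nologin or false) and treating /home as the only expected home root are assumptions; the sample lines are copied from the getent output in the thread.

```sh
#!/bin/sh
# Flag passwd entries that could make a system directory look like a home root.
# Assumptions (not stated in the thread): UID_MIN is 500, and a shell ending in
# "nologin" or "false" means the account is skipped.

UID_MIN=${UID_MIN:-500}

# Reads passwd-format lines on stdin; prints "user home_root" for each offender.
find_home_root_offenders() {
    awk -F: -v min="$UID_MIN" '
        $3 + 0 < min              { next }   # system account: skipped
        $7 ~ "/(nologin|false)$"  { next }   # no login shell: skipped
        {
            home = $6
            sub("/+$", "", home)             # drop trailing slash, as in "/usr/share/netdisco/"
            root = home
            sub("/[^/]+$", "", root)         # parent directory = candidate home root
            if (root == "") root = "/"
            if (root != "/home")             # assumed: /home is the only expected root
                print $1, root
        }'
}

# Sample input: entries copied from the getent output quoted in this thread.
sample_passwd() {
    cat <<'EOF'
smolt:x:492:481:Smolt:/usr/share/smolt:/sbin/nologin
tomcat:x:91:91:Apache Tomcat:/usr/share/tomcat5:/bin/sh
jetty:x:488:472::/usr/share/jetty:/bin/sh
netdisco:x:502:502::/usr/share/netdisco/:/bin/sh
EOF
}

# Stand-alone run on the sample; on a live host pipe "getent passwd" in instead.
sample_passwd | find_home_root_offenders
```

Any directory it reports is a candidate for the kind of relabel seen here; after correcting the account, the genhomedircon and restorecon steps from the thread restore the labels.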