Description of problem:
logcheck tries to use lockfile-create to create a lock in /var/run/logcheck named logcheck.lock

SELinux is preventing /usr/bin/lockfile-create from 'write' accesses on the directory logcheck.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that lockfile-create should be allowed write access on the logcheck directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep lockfile-create /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:logwatch_t:s0-s0:c0.c1023
Target Context                system_u:object_r:logwatch_lock_t:s0
Target Objects                logcheck [ dir ]
Source                        lockfile-create
Source Path                   /usr/bin/lockfile-create
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           lockfile-progs-0.1.15-6.fc19.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.12.1-54.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.9.6-301.fc19.x86_64 #1 SMP Mon Jun 17 14:26:26 UTC 2013 x86_64 x86_64
Alert Count                   18
First Seen                    2013-06-30 22:02:01 CEST
Last Seen                     2013-07-01 21:02:01 CEST
Local ID                      da86ed27-8c2b-430c-ae78-30a90dd6cc21

Raw Audit Messages
type=AVC msg=audit(1372705321.699:2815): avc: denied { write } for pid=20764 comm="lockfile-create" name="logcheck" dev="tmpfs" ino=13870 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logwatch_lock_t:s0 tclass=dir

type=SYSCALL msg=audit(1372705321.699:2815): arch=x86_64 syscall=open success=no exit=EACCES a0=8880b0 a1=c1 a2=1a4 a3=6 items=0 ppid=20757 pid=20764 auid=991 uid=991 gid=986 euid=991 suid=991 fsuid=991 egid=986 sgid=986 fsgid=986 ses=311 tty=(none) comm=lockfile-create exe=/usr/bin/lockfile-create subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null)

Hash: lockfile-create,logwatch_t,logwatch_lock_t,dir,write

Additional info:
reporter:       libreport-2.1.5
hashmarkername: setroubleshoot
kernel:         3.9.6-301.fc19.x86_64
type:           libreport
commit adad70c897e399799b104099b723cae9ddefcea4
Author: Miroslav Grepl <mgrepl>
Date:   Tue Jul 2 09:58:49 2013 +0200

    Allow logwatch manage own lock dirs
selinux-policy-3.12.1-59.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-59.fc19
Package selinux-policy-3.12.1-59.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-59.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-12373/selinux-policy-3.12.1-59.fc19
then log in and leave karma (feedback).
selinux-policy-3.12.1-59.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.