
avc denied from logrotate: msg#00064

Subject: avc denied from logrotate
Attached and below is a short /var/log/messages file showing the avc denied messages that are generated using the current strict policy (selinux-policy-strict-sources-1.14.1-5). Note the messages inserted with "logger" that indicate where I switched from enforcing to permissive to actually get logrotate to work.
HTH and please let me know if you need additional information.
Richard Hally

[root@new2 root]# cat /home/richard/messages.1
Jul 10 02:39:16 new2 syslogd 1.4.1: restart.
Jul 10 02:39:23 new2 kernel: audit(1089441563.715:0): avc: granted { setenforce } for pid=4032 exe=/usr/bin/setenforce scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
Jul 10 02:40:09 new2 kernel: audit(1089441609.750:0): avc: denied { search } for pid=4045 exe=/usr/bin/postgres name=pgsql dev=hda2 ino=722952 scontext=user_u:user_r:user_t tcontext=system_u:object_r:postgresql_db_t tclass=dir
Jul 10 02:43:15 new2 richard: that was logrotate in enforcing
Jul 10 02:43:34 new2 richard: now setting permissive
Jul 10 02:43:46 new2 kernel: audit(1089441826.619:0): avc: granted { setenforce } for pid=4101 exe=/usr/bin/setenforce scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
Jul 10 02:44:08 new2 richard: now doing logrotate
Jul 10 02:44:16 new2 kernel: audit(1089441856.765:0): avc: denied { transition } for pid=4105 exe=/bin/bash path=/etc/rc.d/init.d/cups dev=hda2 ino=864571 scontext=root:sysadm_r:logrotate_t tcontext=root:system_r:initrc_t tclass=process
Jul 10 02:44:16 new2 kernel: audit(1089441856.773:0): avc: denied { use } for pid=4107 exe=/sbin/consoletype path=/dev/null dev=hda2 ino=1064669 scontext=root:system_r:consoletype_t tcontext=root:sysadm_r:logrotate_t tclass=fd
Jul 10 02:44:16 new2 cups: cupsd shutdown succeeded
Jul 10 02:44:16 new2 kernel: audit(1089441856.913:0): avc: denied { ioctl } for pid=4114 exe=/usr/bin/python path=/dev/pts/0 dev=devpts ino=2 scontext=root:system_r:cupsd_t tcontext=root:object_r:sysadm_devpts_t tclass=chr_file
Jul 10 02:44:16 new2 kernel: audit(1089441856.914:0): avc: denied { getattr } for pid=4114 exe=/usr/bin/python path=/dev/pts/0 dev=devpts ino=2 scontext=root:system_r:cupsd_t tcontext=root:object_r:sysadm_devpts_t tclass=chr_file
Jul 10 02:44:17 new2 kernel: audit(1089441857.053:0): avc: denied { read } for pid=4121 exe=/bin/bash name=.bashrc dev=hda2 ino=130311 scontext=root:system_r:cupsd_t tcontext=root:object_r:staff_home_t tclass=file
Jul 10 02:44:17 new2 kernel: audit(1089441857.053:0): avc: denied { getattr } for pid=4121 exe=/bin/bash path=/root/.bashrc dev=hda2 ino=130311 scontext=root:system_r:cupsd_t tcontext=root:object_r:staff_home_t tclass=file
Jul 10 02:44:17 new2 kernel: audit(1089441857.056:0): avc: denied { search } for pid=4123 exe=/usr/bin/id name=selinux dev=hda2 ino=913073 scontext=root:system_r:cupsd_t tcontext=system_u:object_r:selinux_config_t tclass=dir
Jul 10 02:44:17 new2 kernel: audit(1089441857.056:0): avc: denied { read } for pid=4123 exe=/usr/bin/id name=config dev=hda2 ino=914871 scontext=root:system_r:cupsd_t tcontext=system_u:object_r:selinux_config_t tclass=file
Jul 10 02:44:17 new2 kernel: audit(1089441857.056:0): avc: denied { getattr } for pid=4123 exe=/usr/bin/id path=/etc/selinux/config dev=hda2 ino=914871 scontext=root:system_r:cupsd_t tcontext=system_u:object_r:selinux_config_t tclass=file
Jul 10 02:44:17 new2 cups: cupsd startup succeeded
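
An added example, not part of the original post: a small parser that groups the denials in a log like the one above by source type, target type and object class, so repeated denials collapse into one entry each. The function names are hypothetical; the sample records are copied from the post.

```python
import re
from collections import defaultdict

# Records copied from the /var/log/messages excerpt in the post above.
SAMPLE_LOG = """\
Jul 10 02:43:46 new2 kernel: audit(1089441826.619:0): avc: granted { setenforce } for pid=4101 exe=/usr/bin/setenforce scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
Jul 10 02:44:08 new2 richard: now doing logrotate
Jul 10 02:44:16 new2 kernel: audit(1089441856.765:0): avc: denied { transition } for pid=4105 exe=/bin/bash path=/etc/rc.d/init.d/cups dev=hda2 ino=864571 scontext=root:sysadm_r:logrotate_t tcontext=root:system_r:initrc_t tclass=process
Jul 10 02:44:16 new2 kernel: audit(1089441856.913:0): avc: denied { ioctl } for pid=4114 exe=/usr/bin/python path=/dev/pts/0 dev=devpts ino=2 scontext=root:system_r:cupsd_t tcontext=root:object_r:sysadm_devpts_t tclass=chr_file
Jul 10 02:44:16 new2 kernel: audit(1089441856.914:0): avc: denied { getattr } for pid=4114 exe=/usr/bin/python path=/dev/pts/0 dev=devpts ino=2 scontext=root:system_r:cupsd_t tcontext=root:object_r:sysadm_devpts_t tclass=chr_file
Jul 10 02:44:17 new2 kernel: audit(1089441857.053:0): avc: denied { read } for pid=4121 exe=/bin/bash name=.bashrc dev=hda2 ino=130311 scontext=root:system_r:cupsd_t tcontext=root:object_r:staff_home_t tclass=file
"""

AVC_RE = re.compile(
    r"audit\((\d+\.\d+):\d+\): avc:\s+(granted|denied)\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_avc(text):
    """Return one dict per AVC record; non-AVC syslog lines are skipped."""
    records = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        rec = dict(FIELD_RE.findall(m.group(4)))  # pid=, exe=, scontext=, ...
        rec["time"] = float(m.group(1))
        rec["result"] = m.group(2)
        rec["perms"] = m.group(3).split()
        records.append(rec)
    return records


def summarize_denials(records):
    """Map (source type, target type, class) -> (permissions, executables)."""
    groups = defaultdict(lambda: {"perms": set(), "exes": set()})
    for rec in records:
        if rec["result"] != "denied":
            continue
        # A context is user:role:type[:level]; the type is the third field.
        key = (rec["scontext"].split(":")[2],
               rec["tcontext"].split(":")[2], rec["tclass"])
        groups[key]["perms"].update(rec["perms"])
        groups[key]["exes"].add(rec.get("exe", "?"))
    return {k: (sorted(v["perms"]), sorted(v["exes"])) for k, v in groups.items()}


if __name__ == "__main__":
    for (src, tgt, cls), (perms, exes) in summarize_denials(parse_avc(SAMPLE_LOG)).items():
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }}  via {', '.join(exes)}")
```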

