Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 155795 - Logwatch cron script wants to write to root_t
Summary: Logwatch cron script wants to write to root_t
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: logwatch
Version: rawhide
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jiri Ryska
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: FC4Target
TreeView+ depends on / blocked
 
Reported: 2005-04-23 12:38 UTC by Ivan Gyurdiev
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-06-02 01:16:59 UTC


Attachments (Terms of Use)

Description Ivan Gyurdiev 2005-04-23 12:38:19 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050416 Fedora/1.0.3-2 Firefox/1.0.3

Description of problem:
audit(1114243323.340:0): avc:  denied  { add_name } for  pid=2451 exe=/usr/bin/perl name=logwatch.SfBRaj06 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t tclass=dir
audit(1114243323.340:0): avc:  denied  { create } for  pid=2451 exe=/usr/bin/perl name=logwatch.SfBRaj06 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t tclass=dir
audit(1114243323.632:0): avc:  denied  { ioctl } for  pid=2464 exe=/usr/bin/perl path=/logwatch.SfBRaj06/messages dev=dm-0 ino=713902 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t tclass=file
audit(1114243323.761:0): avc:  denied  { write } for  pid=2464 exe=/usr/bin/perl path=/logwatch.SfBRaj06/messages dev=dm-0 ino=713902 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t tclass=file
audit(1114243325.951:0): avc:  denied  { rmdir } for  pid=2451 exe=/usr/bin/perl name=logwatch.SfBRaj06 dev=dm-0 ino=713872 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t tclass=dir


Version-Release number of selected component (if applicable):
selinux-policy-strict-1.23.12-1

How reproducible:
Didn't try

Steps to Reproduce:


Additional info:

Comment 1 Daniel Walsh 2005-04-25 18:39:42 UTC
Why is logwatch writing files to /?

This looks like a configuration problem.

Comment 2 Ivan Gyurdiev 2005-04-25 19:11:48 UTC
No idea...changing component to logwatch.


Comment 3 Ivan Gyurdiev 2005-05-06 15:21:11 UTC
What's the status of this bug?
Why does logwatch write to / ? 

audit(1115366523.541:0): avc:  denied  { write } for  name=/ dev=dm-0 ino=2
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t
tclass=dir
audit(1115366523.541:0): avc:  denied  { add_name } for  name=logwatch.WyrkQhyt
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t
tclass=dir
audit(1115366523.541:0): avc:  denied  { create } for  name=logwatch.WyrkQhyt
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t
tclass=dir
audit(1115366523.743:0): avc:  denied  { create } for  name=messages
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t
tclass=file
audit(1115366523.746:0): avc:  denied  { ioctl } for 
path=/logwatch.WyrkQhyt/messages dev=dm-0 ino=713869
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t
tclass=file
audit(1115366523.946:0): avc:  denied  { write } for 
path=/logwatch.WyrkQhyt/messages dev=dm-0 ino=713869
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t
tclass=file
audit(1115366524.171:0): avc:  denied  { append } for 
path=/logwatch.WyrkQhyt/http-archive dev=dm-0 ino=713913
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:root_t
tclass=file
audit(1115366524.428:0): avc:  denied  { read } for  name=http-archive dev=dm-0
ino=713913 scontext=system_u:system_r:system_crond_t
tcontext=system_u:object_r:root_t tclass=file
audit(1115366528.183:0): avc:  denied  { remove_name } for  name=samba dev=dm-0
ino=713916 scontext=system_u:system_r:system_crond_t
tcontext=system_u:object_r:root_t tclass=dir
audit(1115366528.183:0): avc:  denied  { unlink } for  name=samba dev=dm-0
ino=713916 scontext=system_u:system_r:system_crond_t
tcontext=system_u:object_r:root_t tclass=file
audit(1115366528.185:0): avc:  denied  { rmdir } for  name=logwatch.WyrkQhyt
dev=dm-0 ino=713868 scontext=system_u:system_r:system_crond_t
tcontext=system_u:object_r:root_t tclass=dir


Comment 4 Jiri Ryska 2005-05-17 15:24:06 UTC
I have two questions:
1) what says "rpm -q logwatch"?
2) what says "grep TmpDir /etc/log.d/conf/logwatch.conf"?

Comment 5 Ivan Gyurdiev 2005-05-17 18:08:00 UTC
logwatch-6.0.1-1
TmpDir = /tmp


Comment 6 Jiri Ryska 2005-05-19 14:28:43 UTC
I think it should be fixed in logwatch-6.0.1-2. If you want to try my fixes they
are temporarily available at
http://people.redhat.com/jryska/logwatch-6.0.1-2.testing.noarch.rpm
http://people.redhat.com/jryska/logwatch-6.0.1-2.testing.src.rpm

Comment 7 bjorn l. 2005-05-21 00:04:27 UTC
This (and many other bugs) are fixed in the current upstream 6.1 release.
Is it possible to roll that in?


Comment 8 Ivan Gyurdiev 2005-06-02 01:16:59 UTC
Haven't seen this in a while...could it be fixed?

This is logwatch-6.0.1-2. Sorry that I didn't test it when you
asked me to - lots of stuff to take care of, and I forget.

Closing for now, may reopen if I see it again.




Note You need to log in before you can comment on or make changes to this bug.