Bug 188689 - SELinux Targeted breaks syslog daemon
Summary: SELinux Targeted breaks syslog daemon
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 5
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2006-04-12 05:32 UTC by Tony Tsui
Modified: 2007-11-30 22:11 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-02-14 15:17:40 UTC


Attachments
yum log (deleted) - 2006-05-12 00:09 UTC, Tony Tsui
/etc/services (deleted) - 2006-05-15 00:04 UTC, Tony Tsui

Description Tony Tsui 2006-04-12 05:32:46 UTC
Hi, 

Not sure if this is right component to report this bug against.

Description of problem:
syslog started via /etc/init.d/syslog has the following avc denied messages:

Apr 12 15:33:26 rifter kernel: audit(1144820006.817:4830): avc:  denied  { read } for  pid=3855 comm="syslogd" name="services" dev=hda8 ino=645832 scontext=user_u:system_r:syslogd_t:s0 tcontext=user_u:object_r:rpm_script_tmp_t:s0 tclass=file
Apr 12 15:33:26 rifter kernel: audit(1144820006.817:4831): avc:  denied  { getattr } for  pid=3855 comm="syslogd" name="services" dev=hda8 ino=645832 scontext=user_u:system_r:syslogd_t:s0 tcontext=user_u:object_r:rpm_script_tmp_t:s0 tclass=file


The security contexts for /etc/services is:

[root@rifter ~]# ll -Z /etc/services
-rw-r--r--  root     root     user_u:object_r:rpm_script_tmp_t /etc/services


Interestingly syslogd started via the command line does not have this problem.

Version-Release number of selected component (if applicable):
[tony@rifter packages] rpm -qa | grep selinux
selinux-policy-2.2.29-3.fc5
libselinux-devel-1.30-1.fc5
libselinux-1.30-1.fc5
libselinux-python-1.30-1.fc5
selinux-policy-targeted-2.2.29-3.fc5


How reproducible:
Everytime.

Steps to Reproduce:
1. Start syslogd via /etc/init.d/syslog start
  
Actual results:
syslog will not log any messages in log files, e.g. /var/log/messages

Expected results:
Syslog should log files.

Additional info:
I saw the avc denied messages after disabling enforcing via setenforce 0.

Comment 2 Daniel Walsh 2006-05-09 15:46:32 UTC
How did services get that label?  Seems some application updated services in a
postinstall script and then moved it from /tmp to /etc.

restorecon /etc/services will fix the labeling.  Any idea what caused it?

Comment 3 Tony Tsui 2006-05-12 00:09:03 UTC
Created attachment 128923: yum log

Hi,

I don't know what caused this. Attached are the packages which were updated just
before I noticed the problem. Unfortunately it is a fairly long list. I've
manually checked the spec file for a few packages but didn't notice any code to
modify /etc/services.

Perhaps it is possible to check out the spec files for all these packages from
CVS and grep for "services"?

Tony

Comment 4 Daniel Walsh 2006-05-12 20:07:03 UTC
Could you attach your /etc/services, maybe we can diff it to see which service
was added.

Comment 5 Tony Tsui 2006-05-15 00:04:22 UTC
Created attachment 129023: /etc/services

Hi,

Here is my /etc/services

Comment 7 Daniel Walsh 2007-02-14 15:17:40 UTC
All of these bugs should be fixed in FC6. You could attempt to use the FC6
policy on FC5 or upgrade.  Or you could use

audit2allow -M mypolicy -i /var/log/audit/audit.log

and build a local customized policy.
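The report's AVC lines and the two remedies discussed in this thread (relabel with restorecon versus generating a local module with audit2allow) come down to one triage question: is the denial caused by a mislabelled file, or by a genuine policy gap? The following script is an added example, not code from the bug report or from the selinux-policy project. It parses `avc: denied` lines of the kernel-log format quoted above, extracts the subject and target contexts, and flags file-class targets that carry a `*_tmp_t` type (such as `rpm_script_tmp_t` on `/etc/services`) as likely mislabels, where `restorecon` is the right fix and `audit2allow` would only paper over a wrong label. The sample log is constructed: the first two lines are the report's own denials joined back onto single lines, the third is a hypothetical denial against a correctly labelled target, added for contrast. On a live system the authoritative check is `restorecon -n -v <path>`, which reports what the label should be without changing it.

```python
import re
from collections import defaultdict

# Constructed sample log. Lines 1 and 2 are the denials quoted in the report;
# line 3 is a hypothetical denial whose target label is not a temp-file type.
SAMPLE_LOG = """\
Apr 12 15:33:26 rifter kernel: audit(1144820006.817:4830): avc:  denied  { read } for  pid=3855 comm="syslogd" name="services" dev=hda8 ino=645832 scontext=user_u:system_r:syslogd_t:s0 tcontext=user_u:object_r:rpm_script_tmp_t:s0 tclass=file
Apr 12 15:33:26 rifter kernel: audit(1144820006.817:4831): avc:  denied  { getattr } for  pid=3855 comm="syslogd" name="services" dev=hda8 ino=645832 scontext=user_u:system_r:syslogd_t:s0 tcontext=user_u:object_r:rpm_script_tmp_t:s0 tclass=file
Apr 12 15:40:01 rifter kernel: audit(1144820401.100:4900): avc:  denied  { name_bind } for  pid=4102 comm="syslogd" src=10514 scontext=user_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
"""

# "avc:  denied  { perm perm } for  key=value key="quoted value" ..."
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Object classes that name something on a filesystem (and so can be relabelled).
FS_CLASSES = {"file", "dir", "lnk_file", "sock_file", "fifo_file", "chr_file", "blk_file"}


def parse_avc(line):
    """Return a dict for one 'avc: denied' line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    denial = {"perms": tuple(m.group("perms").split())}
    for key, val in KV_RE.findall(m.group("rest")):
        denial[key] = val.strip('"')
    return denial


def parse_log(text):
    """All denials in a block of log text, in order."""
    return [d for d in (parse_avc(line) for line in text.splitlines()) if d]


def selinux_type(context):
    """Extract the type field from user:role:type[:level]."""
    return context.split(":")[2]


def triage(denial):
    """'mislabel' when a filesystem object carries a temp-file type, else 'policy'.

    Heuristic (an assumption of this example): a persistent file under /etc
    should never be labelled *_tmp_t; that label means it was created in /tmp
    by a script and moved into place, exactly as in this report.
    """
    ttype = selinux_type(denial["tcontext"])
    if denial.get("tclass") in FS_CLASSES and ttype.endswith("_tmp_t"):
        return "mislabel"
    return "policy"


def summarize(text):
    """Group denials by (domain, class, object, target type) with merged perms."""
    groups = defaultdict(lambda: {"perms": set(), "verdict": None})
    for d in parse_log(text):
        key = (selinux_type(d["scontext"]), d.get("tclass"),
               d.get("name", d.get("src", "?")), selinux_type(d["tcontext"]))
        groups[key]["perms"].update(d["perms"])
        groups[key]["verdict"] = triage(d)
    return {k: {"perms": sorted(v["perms"]), "verdict": v["verdict"]}
            for k, v in groups.items()}


def main():
    for (stype, tclass, name, ttype), info in summarize(SAMPLE_LOG).items():
        action = ("run restorecon on the file" if info["verdict"] == "mislabel"
                  else "review the rule; audit2allow only if the access is intended")
        print(f"{stype} -> {name} ({tclass}, {ttype}): "
              f"{','.join(info['perms'])} => {info['verdict']}: {action}")


if __name__ == "__main__":
    main()
```

Run it as-is to see the two `/etc/services` denials collapse into one mislabel finding with perms `getattr,read`, while the constructed `port_t` denial is reported as a policy question. The grouping by subject type, class, object and target type is the same key audit2allow would turn into an allow rule, which is why checking the verdict first matters: an allow rule for `syslogd_t` reading `rpm_script_tmp_t` would silence the denial and leave the wrong label in place.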

