Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 226999 - logwatch audit script exits prematurely with SELinux enabled
Summary: logwatch audit script exits prematurely with SELinux enabled
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: logwatch
Version: 6
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Ivana Varekova
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-02-02 15:57 UTC by Ted Rule
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-02-05 09:21:18 UTC


Attachments (Terms of Use)

Description Ted Rule 2007-02-02 15:57:05 UTC
Description of problem:

The combination of strict enforcing SELinux policy and this line in 
/usr/share/logwatch/scripts/services/audit:

exit(0) unless -d '/selinux';

means that no log summary is produced for the "audit" service by
/etc/cron.daily/0logwatch

Because this line in /usr/share/logwatch/default.conf/services/audit.conf

*OnlyService = (kernel:)?\s*audit.*

filters out any non-audit log messages from the "pipe" into the service script,
it is effectively passed a null-length pipe if SELinux is not running anyway.
Hence the simplest fix is simply to remove the test for visibility of /selinux
in the logwatch service script, and avoid any further change to SELinux policy.


Version-Release number of selected component (if applicable):

logwatch-7.3-7.fc6 and selinux-policy-strict-2.4.6-27.fc6


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Ivana Varekova 2007-02-05 09:21:18 UTC
fixed in logwatch-7.3.2-6.fc7.


Note You need to log in before you can comment on or make changes to this bug.