[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: cupsd accessing afick.log clamd.log freshclam.log



Vikram Goyal wrote:
Hello,

I am getting these avc denied messages. I am not sure if these should be
incorporated in local policy.

type=AVC msg=audit(1159051843.723:565): avc:  denied  { read write } for
pid=14645 comm="cupsd" name="afick.log" dev=sda12 ino=643989
scontext=user_u:system_r:cupsd_t:s0-s0:c0.c255
tcontext=system_u:object_r:var_log_t:s0 tclass=file

type=AVC msg=audit(1159051843.723:565): avc:  denied  { read write } for
pid=14645 comm="cupsd" name="clamd.log" dev=sda12 ino=643867
scontext=user_u:system_r:cupsd_t:s0-s0:c0.c255
tcontext=root:object_r:clamd_var_log_t:s0 tclass=file

type=AVC msg=audit(1159051843.723:565): avc:  denied  { read write } for
pid=14645 comm="cupsd" name="freshclam.log" dev=sda12 ino=643915
scontext=user_u:system_r:cupsd_t:s0-s0:c0.c255
tcontext=root:object_r:var_log_t:s0 tclass=file


audit2allow produces - allow cupsd_t clamd_var_log_t:file { read write };
allow cupsd_t var_log_t:file { read write };

These look like leaked file descriptor. Most likely logrotate. Since logrotate probably opens these files for r/w and it restarts cups.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205072
The installed versions are:
cups-1.2.3-1.6
clamav-0.88.4-21.fc5.at
afick-2.2-2.2.fc5.rf

Thanks!


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]