AVCs from cron.daily (F9)

Daniel J Walsh dwalsh at redhat.com
Wed Jun 4 19:05:55 UTC 2008


Paul Howarth wrote:
> On my work box, which is an up-to-date F9 install, I get a set of AVCs
> from cron.daily every day, which I don't get on my home boxes. I suspect
> it's because we use LDAP auth at work. It boils down to this when passed
> through audit2allow -R:
> 
> require {
>     type logwatch_t;
>     type locate_t;
>     type tmpreaper_t;
>     type logrotate_t;
> }
> 
> #============= locate_t ==============
> cron_rw_tcp_sockets(locate_t)
> 
> #============= logrotate_t ==============
> cron_rw_tcp_sockets(logrotate_t)
> 
> #============= logwatch_t ==============
> cron_rw_tcp_sockets(logwatch_t)
> 
> #============= tmpreaper_t ==============
> cron_rw_tcp_sockets(tmpreaper_t)
> 
> 
> Sample AVC:
> time->Tue Jun  3 05:05:05 2008
> type=SYSCALL msg=audit(1212465905.734:5714): arch=c000003e syscall=59
> success=yes exit=0 a0=25545d0 a1=2551360 a2=25539a0 a3=8 items=0
> ppid=12101 pid=12134 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=605 comm="tmpwatch"
> exe="/usr/sbin/tmpwatch"
> subj=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1212465905.734:5714): avc:  denied  { read write }
> for  pid=12134 comm="tmpwatch" path="socket:[24785059]" dev=sockfs
> ino=24785059 scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023
> tcontext=unconfined_u:system_r:crond_t:s0-s0:c0.c1023 tclass=tcp_socket
> 
> Paul.
> 
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Leaked file descriptor in nssldap?
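An added example, not code from the thread: a small parser for the AVC record Paul posted that checks for the leaked-descriptor pattern Dan is pointing at, a socket the confined domain did not create itself (the creator's domain in tcontext differs from scontext), which argues for closing the descriptor in the parent rather than adding the cron_rw_tcp_sockets() rule audit2allow suggests. The sample records are constructed from the message; the second one is a hypothetical non-leak case for contrast.

```python
import re

# Constructed from the AVC record in the thread, joined onto one line.
SAMPLE_AVC = (
    'type=AVC msg=audit(1212465905.734:5714): avc:  denied  { read write } '
    'for  pid=12134 comm="tmpwatch" path="socket:[24785059]" dev=sockfs '
    'ino=24785059 scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:system_r:crond_t:s0-s0:c0.c1023 tclass=tcp_socket'
)

# Hypothetical contrast case: the domain is denied on a socket it created itself.
SELF_SOCKET_AVC = (
    'type=AVC msg=audit(1212465999.100:5800): avc:  denied  { connect } '
    'for  pid=12200 comm="tmpwatch" scontext=system_u:system_r:tmpreaper_t:s0 '
    'tcontext=system_u:system_r:tmpreaper_t:s0 tclass=tcp_socket'
)

_PERMS = re.compile(r'\{\s*([^}]*?)\s*\}')
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Split one AVC record into its key=value fields plus the denied permissions."""
    fields = {k: v.strip('"') for k, v in _KV.findall(line)}
    m = _PERMS.search(line)
    fields['perms'] = m.group(1).split() if m else []
    return fields


def type_of(context):
    """Return the type (third field) of an SELinux context string."""
    return context.split(':')[2]


def is_leaked_descriptor(avc):
    """A denial on a socket object (path socket:[ino]) whose owning domain
    (tcontext) is not the process domain (scontext) means the descriptor was
    inherited across exec, i.e. leaked by the parent, not opened by the child."""
    return (avc.get('tclass', '').endswith('socket')
            and avc.get('path', '').startswith('socket:[')
            and type_of(avc['scontext']) != type_of(avc['tcontext']))


def describe(avc):
    """One-line triage verdict for the record."""
    src, tgt = type_of(avc['scontext']), type_of(avc['tcontext'])
    if is_leaked_descriptor(avc):
        return '%s leaked a %s into %s (%s); close it in the parent' % (
            tgt, avc['tclass'], src, avc['comm'])
    return '%s denied %s on its own %s' % (src, ' '.join(avc['perms']), avc['tclass'])
```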