Re: SELinux and named
On 03/29/2009 11:29 AM, Steven Stern wrote:
> Running named in a chroot, I've been getting these messages for about a
> week. Running restorecon, as suggested by the troubleshooter, doesn't help.
>
> Mar 26 05:08:55 sds-desk setroubleshoot: SELinux is preventing logrotate (logrotate_t) getattr to /var/named/data/named.run (named_cache_t). For complete SELinux messages. run sealert -l d0d5bc39-fa99-4238-be5c-480a54ed38ae
> Mar 27 05:08:55 sds-desk setroubleshoot: SELinux is preventing logrotate (logrotate_t) getattr to /var/named/data/named.run (named_cache_t). For complete SELinux messages. run sealert -l d0d5bc39-fa99-4238-be5c-480a54ed38ae
> Mar 28 05:08:53 sds-desk setroubleshoot: SELinux is preventing logrotate (logrotate_t) getattr to /var/named/data/named.run (named_cache_t). For complete SELinux messages. run sealert -l d0d5bc39-fa99-4238-be5c-480a54ed38ae
> Mar 29 05:08:54 sds-desk setroubleshoot: SELinux is preventing logrotate (logrotate_t) getattr to /var/named/data/named.run (named_cache_t). For complete SELinux messages. run sealert -l d0d5bc39-fa99-4238-be5c-480a54ed38ae
>
> --
> Steve

Is logrotate being set up specially to rotate files in /var/named/data/named.run? Or is this a standard configuration?

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: SELinux and named
Daniel J Walsh wrote:
> On 03/29/2009 11:29 AM, Steven Stern wrote:
>> Running named in a chroot, I've been getting these messages for about a
>> week. Running restorecon, as suggested by the troubleshooter, doesn't help.
>>
>> Mar 26 05:08:55 sds-desk setroubleshoot: SELinux is preventing logrotate (logrotate_t) getattr to /var/named/data/named.run (named_cache_t). For complete SELinux messages. run sealert -l d0d5bc39-fa99-4238-be5c-480a54ed38ae
>> Mar 27 05:08:55 sds-desk setroubleshoot: SELinux is preventing logrotate (logrotate_t) getattr to /var/named/data/named.run (named_cache_t). For complete SELinux messages. run sealert -l d0d5bc39-fa99-4238-be5c-480a54ed38ae
>> Mar 28 05:08:53 sds-desk setroubleshoot: SELinux is preventing logrotate (logrotate_t) getattr to /var/named/data/named.run (named_cache_t). For complete SELinux messages. run sealert -l d0d5bc39-fa99-4238-be5c-480a54ed38ae
>> Mar 29 05:08:54 sds-desk setroubleshoot: SELinux is preventing logrotate (logrotate_t) getattr to /var/named/data/named.run (named_cache_t). For complete SELinux messages. run sealert -l d0d5bc39-fa99-4238-be5c-480a54ed38ae
>
> Is logrotate being set up specially to rotate files in /var/named/data/named.run? Or is this a standard configuration?

This is the standard logrotate. I used audit2allow to create a policy permitting it.
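The recurring denial discussed in this thread, collapsed into one record with a candidate allow rule in the form audit2allow emits, as an added example that is not part of the original posts. The sample lines are rebuilt from the ones quoted above; the `file` object class is an assumption, because the setroubleshoot syslog summary does not state it, and the function names are illustrative.

```python
import re

# Sample input rebuilt from the setroubleshoot lines quoted in the thread.
MSG = ("SELinux is preventing logrotate (logrotate_t) getattr to "
       "/var/named/data/named.run (named_cache_t). For complete SELinux "
       "messages. run sealert -l d0d5bc39-fa99-4238-be5c-480a54ed38ae")
SAMPLE = [f"Mar {day} 05:08:{sec} sds-desk setroubleshoot: {MSG}"
          for day, sec in ((26, 55), (27, 55), (28, 53), (29, 54))]

# Fields of the one-line summary setroubleshoot writes to syslog.
DENIAL = re.compile(
    r"setroubleshoot: SELinux is preventing (?P<comm>\S+) \((?P<source>\w+)\) "
    r"(?P<perm>\w+) to (?P<path>\S+) \((?P<target>\w+)\)\."
    r".*?sealert -l (?P<alert>[0-9a-f-]{36})")


def summarize(lines):
    """Group repeated denials by (source type, target type, permission, path)."""
    groups = {}
    for line in lines:
        m = DENIAL.search(line)
        if not m:
            continue  # not a setroubleshoot denial summary
        key = (m["source"], m["target"], m["perm"], m["path"])
        entry = groups.setdefault(
            key, {"comm": m["comm"], "count": 0, "alerts": set()})
        entry["count"] += 1
        entry["alerts"].add(m["alert"])
    return groups


def candidate_rule(source, target, perm, tclass="file"):
    """Rule text to review before building a local module.

    tclass defaults to "file" as an assumption; confirm it against the
    full AVC record (sealert -l <id>) before using the rule.
    """
    return f"allow {source} {target}:{tclass} {perm};"


if __name__ == "__main__":
    for (source, target, perm, path), info in summarize(SAMPLE).items():
        print(f"{info['count']}x {info['comm']} {perm} {path} "
              f"alerts={sorted(info['alerts'])}")
        print("  " + candidate_rule(source, target, perm))
```

Four daily log lines reduce to a single denial with one sealert ID, which shows the same access is being refused on every logrotate run rather than several different ones.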
Re: SELinux and named
On 03/30/2009 12:54 PM, Steven Stern wrote:
> Daniel J Walsh wrote:
>> On 03/29/2009 11:29 AM, Steven Stern wrote:
>>> Running named in a chroot, I've been getting these messages for about a
>>> week. Running restorecon, as suggested by the troubleshooter, doesn't help.
>>>
>>> Mar 26 05:08:55 sds-desk setroubleshoot: SELinux is preventing logrotate (logrotate_t) getattr to /var/named/data/named.run (named_cache_t). For complete SELinux messages. run sealert -l d0d5bc39-fa99-4238-be5c-480a54ed38ae
>>> Mar 27 05:08:55 sds-desk setroubleshoot: SELinux is preventing logrotate (logrotate_t) getattr to /var/named/data/named.run (named_cache_t). For complete SELinux messages. run sealert -l d0d5bc39-fa99-4238-be5c-480a54ed38ae
>>> Mar 28 05:08:53 sds-desk setroubleshoot: SELinux is preventing logrotate (logrotate_t) getattr to /var/named/data/named.run (named_cache_t). For complete SELinux messages. run sealert -l d0d5bc39-fa99-4238-be5c-480a54ed38ae
>>> Mar 29 05:08:54 sds-desk setroubleshoot: SELinux is preventing logrotate (logrotate_t) getattr to /var/named/data/named.run (named_cache_t). For complete SELinux messages. run sealert -l d0d5bc39-fa99-4238-be5c-480a54ed38ae
>>
>> Is logrotate being set up specially to rotate files in /var/named/data/named.run? Or is this a standard configuration?
>
> This is the standard logrotate. I used audit2allow to create a policy permitting it.

Ok I put a patch into Rawhide, and I believe the next F10 policy will have a fix for this.
Re: SELinux and named
Daniel J Walsh wrote:
> On 03/30/2009 12:54 PM, Steven Stern wrote:
>> Daniel J Walsh wrote:
>>> On 03/29/2009 11:29 AM, Steven Stern wrote:
>>>> Running named in a chroot, I've been getting these messages for about a
>>>> week. Running restorecon, as suggested by the troubleshooter, doesn't help.
>>>>
>>>> Mar 26 05:08:55 sds-desk setroubleshoot: SELinux is preventing logrotate (logrotate_t) getattr to /var/named/data/named.run (named_cache_t). For complete SELinux messages. run sealert -l d0d5bc39-fa99-4238-be5c-480a54ed38ae
>>>> Mar 27 05:08:55 sds-desk setroubleshoot: SELinux is preventing logrotate (logrotate_t) getattr to /var/named/data/named.run (named_cache_t). For complete SELinux messages. run sealert -l d0d5bc39-fa99-4238-be5c-480a54ed38ae
>>>> Mar 28 05:08:53 sds-desk setroubleshoot: SELinux is preventing logrotate (logrotate_t) getattr to /var/named/data/named.run (named_cache_t). For complete SELinux messages. run sealert -l d0d5bc39-fa99-4238-be5c-480a54ed38ae
>>>> Mar 29 05:08:54 sds-desk setroubleshoot: SELinux is preventing logrotate (logrotate_t) getattr to /var/named/data/named.run (named_cache_t). For complete SELinux messages. run sealert -l d0d5bc39-fa99-4238-be5c-480a54ed38ae
>>>
>>> Is logrotate being set up specially to rotate files in /var/named/data/named.run? Or is this a standard configuration?
>>
>> This is the standard logrotate. I used audit2allow to create a policy permitting it.
>
> Ok I put a patch into Rawhide, and I believe the next F10 policy will have a fix for this.

Fixed in selinux-policy-3.5.13-54.fc10
SELinux and named
Running named in a chroot, I've been getting these messages for about a
week. Running restorecon, as suggested by the troubleshooter, doesn't help.

Mar 26 05:08:55 sds-desk setroubleshoot: SELinux is preventing logrotate (logrotate_t) getattr to /var/named/data/named.run (named_cache_t). For complete SELinux messages. run sealert -l d0d5bc39-fa99-4238-be5c-480a54ed38ae
Mar 27 05:08:55 sds-desk setroubleshoot: SELinux is preventing logrotate (logrotate_t) getattr to /var/named/data/named.run (named_cache_t). For complete SELinux messages. run sealert -l d0d5bc39-fa99-4238-be5c-480a54ed38ae
Mar 28 05:08:53 sds-desk setroubleshoot: SELinux is preventing logrotate (logrotate_t) getattr to /var/named/data/named.run (named_cache_t). For complete SELinux messages. run sealert -l d0d5bc39-fa99-4238-be5c-480a54ed38ae
Mar 29 05:08:54 sds-desk setroubleshoot: SELinux is preventing logrotate (logrotate_t) getattr to /var/named/data/named.run (named_cache_t). For complete SELinux messages. run sealert -l d0d5bc39-fa99-4238-be5c-480a54ed38ae

--
Steve