Package: selinux-policy-default Version: 2:0.0.20080702-6 Severity: normal Tags: patch
Hi, while running cron.daily script /etc/cron.daily/sysklogd following denials appeared: Aug 27 13:13:50 sid kernel: [ 554.238311] type=1400 audit(1219835630.106:5): avc: denied { execute } for pid=5273 comm="sysklogd" name="syslogd" dev=hda2 ino=28 scontext=unconfined_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:syslogd_exec_t:s0 tclass=file Aug 27 13:13:50 sid kernel: [ 554.243321] type=1300 audit(1219835630.106:5): arch=40000003 syscall=33 success=no exit=-13 a0=9d1c0a8 a1=1 a2=b7ef7ff4 a3=0 items=0 ppid=5161 pid=5273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sysklogd" exe="/bin/bash" subj=unconfined_u:system_r:logrotate_t:s0 key=(null) This is caused by line: test -x /sbin/syslogd || exit 0 near start of script. Access needs to be allowed test fails otherwise. Thanks -- Zito -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=cs_CZ.ISO-8859-2 (charmap=ISO-8859-2) Shell: /bin/sh linked to /bin/bash Versions of packages selinux-policy-default depends on: ii libpam-modules 1.0.1-3 Pluggable Authentication Modules f ii libselinux1 2.0.65-4 SELinux shared libraries ii libsepol1 2.0.30-2 Security Enhanced Linux policy lib ii policycoreutils 2.0.49-5 SELinux core policy utilities ii python 2.5.2-2 An interactive high-level object-o Versions of packages selinux-policy-default recommends: ii checkpolicy 2.0.16-1 SELinux policy compiler ii setools 3.3.4.ds-4 tools for Security Enhanced Linux Versions of packages selinux-policy-default suggests: pn logcheck <none> (no description available) pn syslog-summary <none> (no description available) -- no debconf information
Index: selinux-policy-src/policy/modules/admin/logrotate.te =================================================================== --- selinux-policy-src.orig/policy/modules/admin/logrotate.te 2008-08-27 17:27:48.000000000 +0200 +++ selinux-policy-src/policy/modules/admin/logrotate.te 2008-08-27 17:30:27.000000000 +0200 @@ -137,6 +137,9 @@ # for syslogd-listfiles logging_read_syslog_config(logrotate_t) + + # for "test -x /sbin/syslogd" + logging_domtrans_syslog(logrotate_t) ') optional_policy(`