Package: selinux-policy-default
Version: 2:2.20110726-12
Severity: normal

Hi,
Using the default postfix configuration and selinux, there are several AVCs in 
the logs like this:

avc:  denied  { write } for  pid=548 comm="rsyslogd" name="dev" dev=sda1 ino=137040 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:postfix_spool_t:s0 tclass=dir
avc:  denied  { add_name } for  pid=548 comm="rsyslogd" name="log" scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:postfix_spool_t:s0 tclass=dir
avc:  denied  { create } for  pid=548 comm="rsyslogd" name="log" scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:postfix_spool_t:s0 tclass=sock_file
avc:  denied  { setattr } for  pid=548 comm="rsyslogd" name="log" dev=sda1 ino=131515 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:postfix_spool_t:s0 tclass=sock_file

I think the issue is because /var/spool/postfix/dev/log is not properly 
labelled in the policy. I will attach an untested patch to that bug report.

-- System Information:
Debian Release: 7.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=ANSI_X3.4-1968) 
(ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules   1.1.3-7.1
ii  libselinux1      2.1.9-5
ii  libsepol1        2.1.4-3
ii  policycoreutils  2.1.10-9
ii  python           2.7.3-4

Versions of packages selinux-policy-default recommends:
ii  checkpolicy  2.1.8-2
ii  setools      3.3.7-3

Versions of packages selinux-policy-default suggests:
pn  logcheck        <none>
pn  syslog-summary  <none>

-- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission 
denied: u'/etc/selinux/default/modules/active/file_contexts.local'

-- no debconf information

_______________________________________________
SELinux-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel
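
Added example (not part of the original report or of the Debian policy sources): a small Python parser that groups the four denials quoted in the report by source type, target type and object class, so the missing access is visible at a glance. The function names and the SAMPLE string are constructed for illustration; the records are the report's own lines, re-joined onto one line each.

```python
import re
from collections import defaultdict

# The four denials from the report, re-joined to one record per line.
SAMPLE = """\
avc:  denied  { write } for  pid=548 comm="rsyslogd" name="dev" dev=sda1 ino=137040 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:postfix_spool_t:s0 tclass=dir
avc:  denied  { add_name } for  pid=548 comm="rsyslogd" name="log" scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:postfix_spool_t:s0 tclass=dir
avc:  denied  { create } for  pid=548 comm="rsyslogd" name="log" scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:postfix_spool_t:s0 tclass=sock_file
avc:  denied  { setattr } for  pid=548 comm="rsyslogd" name="log" dev=sda1 ino=131515 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:postfix_spool_t:s0 tclass=sock_file
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = {"scontext", "tcontext", "tclass"}


def parse_avc(line):
    """Return one denial as a dict, or None if the line is not a complete AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if not REQUIRED <= rec.keys():
        return None  # truncated or line-wrapped record
    rec["perms"] = m.group(1).split()
    return rec


def ctx_type(context):
    """SELinux contexts are user:role:type[:level]; return the type field."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def summarize(text):
    """Group denials by (source type, target type, class); collect perms and object names."""
    groups = defaultdict(lambda: {"perms": set(), "names": set()})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (ctx_type(rec["scontext"]), ctx_type(rec["tcontext"]), rec["tclass"])
        groups[key]["perms"].update(rec["perms"])
        groups[key]["names"].add(rec.get("name", "?"))
    return dict(groups)


if __name__ == "__main__":
    for (src, tgt, cls), g in sorted(summarize(SAMPLE).items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(g['perms']))} }} name={sorted(g['names'])}")
```

On the report's records this yields two groups, both from syslogd_t against postfix_spool_t (one for class dir, one for class sock_file), with "log" as the object being created, which is consistent with the labelling diagnosis given in the report.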
