View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0017624 | CentOS-8 | selinux-policy | public | 2020-07-28 09:01 | 2020-11-16 21:54 |
| Reporter | danb1974 | Assigned To | |||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | new | Resolution | open | ||
| Product Version | 8.2.2004 | ||||
| Summary | 0017624: munin-update denied access to /var/log/munin/munin-update.log | ||||
| Description | selinux set to enforced munin.timer enabled, triggering munin-cron which fails to run munin-update because of selinux: type=AVC msg=audit(1595926800.660:616): avc: denied { ioctl } for pid=10082 comm="munin-update" path="/usr/share/munin/munin-update" dev="dm-0" ino=372559 ioctlcmd=0x5401 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:munin_exec_t:s0 tclass=file permissive=0 type=AVC msg=audit(1595926800.930:617): avc: denied { getattr } for pid=10082 comm="munin-update" path="/var/log/munin/munin-update.log" dev="dm-0" ino=16853494 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:munin_log_t:s0 tclass=file permissive=0 type=AVC msg=audit(1595926800.930:618): avc: denied { append } for pid=10082 comm="munin-update" name="munin-update.log" dev="dm-0" ino=16853494 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:munin_log_t:s0 tclass=file permissive=0 | ||||
| Steps To Reproduce | dnf install munin systemctl enable --now munin.timer systemctl enable --now munin-node | ||||
| Additional Information | # ls -1Z /var/log/munin system_u:object_r:munin_log_t:s0 munin-cgi-graph.log system_u:object_r:munin_log_t:s0 munin-cgi-html.log system_u:object_r:munin_log_t:s0 munin-graph.log system_u:object_r:munin_log_t:s0 munin-html.log system_u:object_r:munin_log_t:s0 munin-limits.log system_u:object_r:munin_log_t:s0 munin-update.log Maybe related to https://bugzilla.redhat.com/show_bug.cgi?id=1857381 | ||||
| Tags | No tags attached. | ||||
