0017624: munin-update denied access to /var/log/munin/munin-update.log

ID	Project	Category	View Status	Date Submitted	Last Update

0017624	CentOS-8	selinux-policy	public	2020-07-28 09:01	2020-07-28 09:01

Reporter	danb1974
Priority	normal	Severity	major	Reproducibility	always
Status	new	Resolution	open
Product Version	8.2.2004
Target Version		Fixed in Version

Summary	0017624: munin-update denied access to /var/log/munin/munin-update.log
Description	selinux set to enforced munin.timer enabled, triggering munin-cron which fails to run munin-update because of selinux: type=AVC msg=audit(1595926800.660:616): avc: denied { ioctl } for pid=10082 comm="munin-update" path="/usr/share/munin/munin-update" dev="dm-0" ino=372559 ioctlcmd=0x5401 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:munin_exec_t:s0 tclass=file permissive=0 type=AVC msg=audit(1595926800.930:617): avc: denied { getattr } for pid=10082 comm="munin-update" path="/var/log/munin/munin-update.log" dev="dm-0" ino=16853494 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:munin_log_t:s0 tclass=file permissive=0 type=AVC msg=audit(1595926800.930:618): avc: denied { append } for pid=10082 comm="munin-update" name="munin-update.log" dev="dm-0" ino=16853494 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:munin_log_t:s0 tclass=file permissive=0
Steps To Reproduce	dnf install munin systemctl enable --now munin.timer systemctl enable --now munin-node
Additional Information	# ls -1Z /var/log/munin system_u:object_r:munin_log_t:s0 munin-cgi-graph.log system_u:object_r:munin_log_t:s0 munin-cgi-html.log system_u:object_r:munin_log_t:s0 munin-graph.log system_u:object_r:munin_log_t:s0 munin-html.log system_u:object_r:munin_log_t:s0 munin-limits.log system_u:object_r:munin_log_t:s0 munin-update.log Maybe related to https://bugzilla.redhat.com/show_bug.cgi?id=1857381
Tags	No tags attached.

View Issue Details

Activities

Issue History