View Issue Details

IDProjectCategoryView StatusLast Update
0017624CentOS-8selinux-policypublic2020-07-28 09:01
Reporterdanb1974 
PrioritynormalSeveritymajorReproducibilityalways
Status newResolutionopen 
Product Version8.2.2004 
Target VersionFixed in Version 
Summary0017624: munin-update denied access to /var/log/munin/munin-update.log
Descriptionselinux set to enforced

munin.timer enabled, triggering munin-cron which fails to run munin-update because of selinux:

type=AVC msg=audit(1595926800.660:616): avc: denied { ioctl } for pid=10082 comm="munin-update" path="/usr/share/munin/munin-update" dev="dm-0" ino=372559 ioctlcmd=0x5401 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:munin_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(1595926800.930:617): avc: denied { getattr } for pid=10082 comm="munin-update" path="/var/log/munin/munin-update.log" dev="dm-0" ino=16853494 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:munin_log_t:s0 tclass=file permissive=0
type=AVC msg=audit(1595926800.930:618): avc: denied { append } for pid=10082 comm="munin-update" name="munin-update.log" dev="dm-0" ino=16853494 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:munin_log_t:s0 tclass=file permissive=0
Steps To Reproducednf install munin
systemctl enable --now munin.timer
systemctl enable --now munin-node
Additional Information# ls -1Z /var/log/munin
system_u:object_r:munin_log_t:s0 munin-cgi-graph.log
system_u:object_r:munin_log_t:s0 munin-cgi-html.log
system_u:object_r:munin_log_t:s0 munin-graph.log
system_u:object_r:munin_log_t:s0 munin-html.log
system_u:object_r:munin_log_t:s0 munin-limits.log
system_u:object_r:munin_log_t:s0 munin-update.log

Maybe related to https://bugzilla.redhat.com/show_bug.cgi?id=1857381
TagsNo tags attached.

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2020-07-28 09:01 danb1974 New Issue