View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0018258 | CentOS-7 | selinux-policy | public | 2021-07-23 18:53 | 2021-07-23 19:01 |
Reporter | richardcg | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | new | Resolution | open | ||
OS Version | 7 | ||||
Summary | 0018258: SELinux is preventing /usr/sbin/rsyslogd from 'write' accesses on the directory ./.@192.168.1.30. | ||||
Description | Description of problem: after setting up a rsyslog server and setting settings. SELinux is preventing /usr/sbin/rsyslogd from 'write' accesses on the directory ./.@192.168.1.30. ***** Plugin catchall_boolean (89.3 confidence) suggests ****************** If you want to allow daemons to dump core Then you must tell SELinux about this by enabling the 'daemons_dump_core' boolean. Do setsebool -P daemons_dump_core 1 ***** Plugin catchall (11.6 confidence) suggests ************************** If you believe that rsyslogd should be allowed write access on the .@192.168.1.30 directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'rs:main Q:Reg' --raw | audit2allow -M my-rsmainQReg # semodule -i my-rsmainQReg.pp Additional Information: Source Context system_u:system_r:syslogd_t:s0 Target Context system_u:object_r:root_t:s0 Target Objects ./.@192.168.1.30 [ dir ] Source rs:main Q:Reg Source Path /usr/sbin/rsyslogd Port <Unknown> Host (removed) Source RPM Packages rsyslog-8.24.0-57.el7_9.1.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-268.el7_9.2.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.0-1160.36.2.el7.x86_64 #1 SMP Wed Jul 21 11:57:15 UTC 2021 x86_64 x86_64 Alert Count 22 First Seen 2021-07-23 14:25:56 EDT Last Seen 2021-07-23 14:38:47 EDT Local ID 8bc2a3de-8438-4c9b-a099-82ae18822351 Raw Audit Messages type=AVC msg=audit(1627065527.155:746): avc: denied { write } for pid=1254 comm=72733A6D61696E20513A526567 name="/" dev="dm-0" ino=96 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir permissive=0 type=SYSCALL msg=audit(1627065527.155:746): arch=x86_64 syscall=open success=no exit=EACCES a0=7fa37c01f3a0 a1=80541 a2=1a4 a3=2 items=2 ppid=1 pid=1254 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=rs:main Q:Reg exe=/usr/sbin/rsyslogd subj=system_u:system_r:syslogd_t:s0 key=(null) type=CWD msg=audit(1627065527.155:746): cwd=/ type=PATH msg=audit(1627065527.155:746): item=0 name=./ inode=96 dev=fd:00 mode=040555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:root_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PATH msg=audit(1627065527.155:746): item=1 name=./.@192.168.1.30 objtype=CREATE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 Hash: rs:main Q:Reg,syslogd_t,root_t,dir,write Version-Release number of selected component: selinux-policy-3.13.1-268.el7_9.2.noarch | ||||
Additional Information | reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-1160.36.2.el7.x86_64 reproducible: Not sure how to reproduce the problem type: libreport | ||||
Tags | No tags attached. | ||||
abrt_hash | 8b31606e3e0177bdd6903199312c3d4680eebae260a7957ae1a1286f152b2929 | ||||
URL | |||||
At the first glance this looks like something is mislabeled . Can you try a touch /.autorelabel && reboot ? | |
Date Modified | Username | Field | Change |
---|---|---|---|
2021-07-23 18:53 | richardcg | New Issue | |
2021-07-23 19:01 | ManuelWolfshant | Note Added: 0038549 |