View Issue Details

IDProjectCategoryView StatusLast Update
0018258CentOS-7selinux-policypublic2021-07-23 19:01
Reporterrichardcg Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
OS Version7 
Summary0018258: SELinux is preventing /usr/sbin/rsyslogd from 'write' accesses on the directory ./.@
DescriptionDescription of problem:
after setting up a rsyslog server and setting settings.
SELinux is preventing /usr/sbin/rsyslogd from 'write' accesses on the directory ./.@

***** Plugin catchall_boolean (89.3 confidence) suggests ******************

If you want to allow daemons to dump core
Then you must tell SELinux about this by enabling the 'daemons_dump_core' boolean.

setsebool -P daemons_dump_core 1

***** Plugin catchall (11.6 confidence) suggests **************************

If you believe that rsyslogd should be allowed write access on the .@ directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'rs:main Q:Reg' --raw | audit2allow -M my-rsmainQReg
# semodule -i my-rsmainQReg.pp

Additional Information:
Source Context system_u:system_r:syslogd_t:s0
Target Context system_u:object_r:root_t:s0
Target Objects ./.@ [ dir ]
Source rs:main Q:Reg
Source Path /usr/sbin/rsyslogd
Port <Unknown>
Host (removed)
Source RPM Packages rsyslog-8.24.0-57.el7_9.1.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-268.el7_9.2.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-1160.36.2.el7.x86_64 #1 SMP
                              Wed Jul 21 11:57:15 UTC 2021 x86_64 x86_64
Alert Count 22
First Seen 2021-07-23 14:25:56 EDT
Last Seen 2021-07-23 14:38:47 EDT
Local ID 8bc2a3de-8438-4c9b-a099-82ae18822351

Raw Audit Messages
type=AVC msg=audit(1627065527.155:746): avc: denied { write } for pid=1254 comm=72733A6D61696E20513A526567 name="/" dev="dm-0" ino=96 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir permissive=0

type=SYSCALL msg=audit(1627065527.155:746): arch=x86_64 syscall=open success=no exit=EACCES a0=7fa37c01f3a0 a1=80541 a2=1a4 a3=2 items=2 ppid=1 pid=1254 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=rs:main Q:Reg exe=/usr/sbin/rsyslogd subj=system_u:system_r:syslogd_t:s0 key=(null)

type=CWD msg=audit(1627065527.155:746): cwd=/

type=PATH msg=audit(1627065527.155:746): item=0 name=./ inode=96 dev=fd:00 mode=040555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:root_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0

type=PATH msg=audit(1627065527.155:746): item=1 name=./.@ objtype=CREATE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0

Hash: rs:main Q:Reg,syslogd_t,root_t,dir,write

Version-Release number of selected component:
Additional Informationreporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-1160.36.2.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.




2021-07-23 19:01

manager   ~0038549

At the first glance this looks like something is mislabeled . Can you try a touch /.autorelabel && reboot ?

Issue History

Date Modified Username Field Change
2021-07-23 18:53 richardcg New Issue
2021-07-23 19:01 ManuelWolfshant Note Added: 0038549