From: vaclav.ovsik@i.cz (Václav Ovsík)
Date: Wed, 27 Aug 2008 18:30:48 +0200
Subject: [refpolicy] Debian: logrotate_t needs to execute syslogd (test -x syslogd)
Message-ID: <20080827163048.GA7735@bobek.pm.i.cz>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi,

while running the cron.daily script /etc/cron.daily/sysklogd, the following denials appeared:

Aug 27 13:13:50 sid kernel: [ 554.238311] type=1400 audit(1219835630.106:5): avc: denied { execute } for pid=5273 comm="sysklogd" name="syslogd" dev=hda2 ino=28 scontext=unconfined_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:syslogd_exec_t:s0 tclass=file
Aug 27 13:13:50 sid kernel: [ 554.243321] type=1300 audit(1219835630.106:5): arch=40000003 syscall=33 success=no exit=-13 a0=9d1c0a8 a1=1 a2=b7ef7ff4 a3=0 items=0 ppid=5161 pid=5273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sysklogd" exe="/bin/bash" subj=unconfined_u:system_r:logrotate_t:s0 key=(null)

This is caused by the line:

    test -x /sbin/syslogd || exit 0

near the start of the script. Access needs to be allowed; the test fails otherwise.

Reported in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496809

A patch is included. Can it be merged?

Thanks
-- 
Zito
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logrotate_syslog_exec.patch
Type: text/x-diff
Size: 411 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20080827/24b561f3/attachment.bin
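
The denial in the message above can be tied to the `test -x` line by joining the AVC (type=1400) and SYSCALL (type=1300) records on their shared audit event id. The following is an added example, not part of the original message or of refpolicy; its lookup tables are assumptions that cover only the architecture and syscall seen in these two records.

```python
import errno
import re

# The two audit records quoted in the message (syslog prefix dropped).
LOG = """\
type=1400 audit(1219835630.106:5): avc: denied { execute } for pid=5273 comm="sysklogd" name="syslogd" dev=hda2 ino=28 scontext=unconfined_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:syslogd_exec_t:s0 tclass=file
type=1300 audit(1219835630.106:5): arch=40000003 syscall=33 success=no exit=-13 a0=9d1c0a8 a1=1 a2=b7ef7ff4 a3=0 items=0 ppid=5161 pid=5273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sysklogd" exe="/bin/bash" subj=unconfined_u:system_r:logrotate_t:s0 key=(null)
"""

# Lookup tables (assumption: only the entries these records need; extend as required).
ARCH = {"40000003": "i386"}              # AUDIT_ARCH_I386
SYSCALL = {("i386", 33): "access"}       # __NR_access on 32-bit x86
ACCESS_MODE = {0: "F_OK", 1: "X_OK", 2: "W_OK", 4: "R_OK"}

HEADER = re.compile(r"type=(\d+) audit\(([\d.]+:\d+)\): (.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(log):
    """Group audit records by event id -> {record type: {field: value}}."""
    events = {}
    for rtype, event_id, rest in HEADER.findall(log):
        fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
        perms = re.search(r"\{ ([^}]*) \}", rest)   # AVC permission set
        fields["perms"] = perms.group(1).split() if perms else []
        events.setdefault(event_id, {})[rtype] = fields
    return events


def explain(event):
    """Join the AVC (1400) and SYSCALL (1300) records of one event."""
    avc, sc = event["1400"], event["1300"]
    arch = ARCH[sc["arch"]]
    return {
        "source_type": avc["scontext"].split(":")[2],
        "target_type": avc["tcontext"].split(":")[2],
        "tclass": avc["tclass"],
        "perms": avc["perms"],
        "syscall": SYSCALL[(arch, int(sc["syscall"]))],
        "mode": ACCESS_MODE[int(sc["a1"], 16)],       # a0..a3 are hex
        "errno": errno.errorcode[-int(sc["exit"])],
        "exe": sc["exe"],
    }


if __name__ == "__main__":
    for event_id, event in parse(LOG).items():
        print(event_id, explain(event))
```

The joined record shows `/bin/bash` in `logrotate_t` calling `access()` with `X_OK` on a `syslogd_exec_t` file and getting `EACCES`, which is what `test -x /sbin/syslogd` does.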