selinux logwatch and mdadm permission denied

All general questions related to SELinux

Moderator: xeont

Post a reply

selinux logwatch and mdadm permission denied

Postby pcouas » Mon Feb 20, 2017 7:49 pm

Hi,

Currently i have an permissions denied by logwatch

cat: /proc/mdstat: Permission denied" logwatch could not acces to file
I have tried without succes

grep mdstat /var/log/audit/audit.log.1 | audit2allow -M myp
cat myp.pp
semodule -i myp.pp

An idea ?
I use Centos 6.7
mdadm 3.3.2_5
selinux 3.7.19

Regards
Phil
pcouas
 
Posts: 3
Joined: Mon Feb 20, 2017 1:29 pm
Top

Share On:

Share on Facebook Facebook Share on Twitter Twitter Share on Digg Digg Share on MySpace MySpace Share on Delicious Delicious Share on Google+ Google+

Re: selinux logwatch and mdadm permission denied

Postby pcouas » Tue Feb 28, 2017 5:10 am

An yum upgrade to centos 6.8 does NOT resolve problem

In audit.log i have following message
type=AVC msg=audit(1487045409.935:116358): avc: denied { read } for pid=2282 comm="cat" name="mdstat" dev=proc ino=4026531995 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_mdstat_t:s0 tclass=file


Regards
pcouas
 
Posts: 3
Joined: Mon Feb 20, 2017 1:29 pm
Top

Re: selinux logwatch and mdadm permission denied

Postby xeont » Tue Feb 28, 2017 12:42 pm

What is in your .te file?
xeont
 
Posts: 13
Joined: Wed Jun 26, 2013 4:13 am
Top

Re: selinux logwatch and mdadm permission denied

Postby pcouas » Wed Mar 01, 2017 11:57 am

Hi,

My te file was empty, yesterday night i have relaunch it, then verify that's new te file is not empty, then launching semodule
This morning my logwatch was good no permission denied

Thanks
pcouas
 
Posts: 3
Joined: Mon Feb 20, 2017 1:29 pm
Top
Post a reply
Return to General Questions

Who is online

Users browsing this forum: No registered users and 2 guests
Powered by phpBB® Forum Software © phpBB Group

phpBB SEO
cron