[DSE-User] avc: denied { search } for pid=1177 comm="rsyslogd" name="spool"

Mika Pflüger debian at mikapflueger.de
Sun Mar 4 23:35:28 UTC 2012


Hi,

On Sun, 04 Mar 2012 17:35:34 +0100,
Eggert Ehmke <eggert.ehmke at berlin.de> wrote:

> Hello, I am new to SELinux and installed the debian packages on a
> running stable (6.0.4 Squeeze) Intel Quadcore 64bit system, following
> this guide: http://wiki.debian.org/SELinux/
> The installation went smoothly, no problems so far. But when I reboot
> the system in enforcing mode, the boot process will die when trying
> to load the lvm2. When booted in permissive mode, I get these errors
> in dmesg:
> 
> [   10.937036] type=1400 audit(1330856386.116:7): avc:  denied
> { search } for pid=1177 comm="rsyslogd" name="spool" dev=dm-0
> ino=425985 scontext=system_u:system_r:syslogd_t:s0 
> tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
> [   10.955520] type=1400 audit(1330856386.131:8): avc:  denied
> { write } for pid=1177 comm="rsyslogd" name="dev" dev=dm-0 ino=442375 
> scontext=system_u:system_r:syslogd_t:s0 
> tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
> [   10.955565] type=1400 audit(1330856386.131:9): avc:  denied
> { add_name } for  pid=1177 comm="rsyslogd" name="log" 
> scontext=system_u:system_r:syslogd_t:s0 
> tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
> [   10.955651] type=1400 audit(1330856386.131:10): avc:  denied
> { create } for  pid=1177 comm="rsyslogd" name="log" 
> scontext=system_u:system_r:syslogd_t:s0 
> tcontext=system_u:object_r:var_spool_t:s0 tclass=sock_file
> [   10.967624] type=1400 audit(1330856386.143:11): avc:  denied
> { setattr } for  pid=1177 comm="rsyslogd" name="log" dev=dm-0
> ino=442370 scontext=system_u:system_r:syslogd_t:s0 
> tcontext=system_u:object_r:var_spool_t:s0 tclass=sock_file
> 
> and some more. I guess when I learn how to solve the rsyslogd related 
> problems, I will be able to solve the others too. 
> 
> I understand that I am supposed to create some local policy rules.
> But all Howtos seem to assume that this is a simple task that must
> not be explained in detail. What am I missing?

These denials don't look like you need local policy; it looks more like
you need to activate the official policy bits that matter. Could you
try and run the commands
# check-selinux-installation
# sestatus
# semodule -l
as root, which report various bits about your SELinux installation, and
post the output?

Cheers,

Mika

-- 
Own your own computer. Don't use Windows 7. <http://windows7sins.org>
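
Added example, not part of the original mail and not taken from any SELinux tool: Python that unwraps the quoted, line-wrapped dmesg records from the report above and groups the denials by command, source type, target type and object class, so the distinct access patterns are visible at a glance. The function names `unwrap` and `summarize` are this example's own; the sample input is three of the denials from the report, kept as they appear in the mail.

```python
import re
from collections import defaultdict

# Three of the denials from the report above, still quoted and wrapped as in the mail.
SAMPLE = """\
> [   10.937036] type=1400 audit(1330856386.116:7): avc:  denied
> { search } for pid=1177 comm="rsyslogd" name="spool" dev=dm-0
> ino=425985 scontext=system_u:system_r:syslogd_t:s0
> tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
> [   10.955565] type=1400 audit(1330856386.131:9): avc:  denied
> { add_name } for  pid=1177 comm="rsyslogd" name="log"
> scontext=system_u:system_r:syslogd_t:s0
> tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
> [   10.955651] type=1400 audit(1330856386.131:10): avc:  denied
> { create } for  pid=1177 comm="rsyslogd" name="log"
> scontext=system_u:system_r:syslogd_t:s0
> tcontext=system_u:object_r:var_spool_t:s0 tclass=sock_file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def unwrap(text):
    """Strip mail quoting and rejoin records that were split across lines."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if line.startswith("[") or not records:
            records.append(line)       # a dmesg timestamp starts a new record
        elif line:
            records[-1] += " " + line  # continuation of the previous record
    return records

def summarize(text):
    """Map (comm, source type, target type, class) -> sorted denied permissions."""
    groups = defaultdict(set)
    for record in unwrap(text):
        m = AVC_RE.search(record)
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))} if m else {}
        if not {"scontext", "tcontext", "tclass"} <= f.keys():
            continue                   # not an AVC denial, or a truncated one
        # A context is user:role:type[:level]; pad so a malformed one yields "?".
        src, tgt = ((f[k].split(":") + ["?"] * 3)[2] for k in ("scontext", "tcontext"))
        groups[(f.get("comm", "?"), src, tgt, f["tclass"])].update(m.group(1).split())
    return {key: sorted(perms) for key, perms in groups.items()}

if __name__ == "__main__":
    for key, perms in summarize(SAMPLE).items():
        print(*key, "{ " + " ".join(perms) + " }")
```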