[packaging] [Bug 2709] New: SELinux is preventing /usr/bin/python2.7 from write access on the file /var/log/kolab/pykolab.log

Kolab Bugzilla noreply at kolab.org
Thu Dec 26 04:00:13 CET 2013


https://issues.kolab.org/show_bug.cgi?id=2709

            Bug ID: 2709
           Summary: SELinux is preventing /usr/bin/python2.7 from write
                    access on the file /var/log/kolab/pykolab.log
    Classification: Kolab Server
           Product: Kolab Server
           Version: 3.1-next
          Hardware: PC
                OS: Mac OS
            Status: NEW
          Severity: normal
          Priority: P3
         Component: packaging - rpm - fedora
          Assignee: vanmeeuwen at kolabsys.com
          Reporter: brad.rubenstein at gmail.com
        QA Contact: packaging-bugs at lists.kolabsys.com
       Ticket Type: ---

SELinux is preventing /usr/bin/python2.7 from write access on the file
/var/log/kolab/pykolab.log.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that python2.7 should be allowed write access on the pykolab.log
file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep kolab_smtp_acce /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:postfix_master_t:s0
Target Context                unconfined_u:object_r:var_log_t:s0
Target Objects                /var/log/kolab/pykolab.log [ file ]
Source                        kolab_smtp_acce
Source Path                   /usr/bin/python2.7
Port                          <Unknown>
Host                          kolab.example.com
Source RPM Packages           python-2.7.5-9.fc19.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-74.15.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     kolab.example.com
Platform                      Linux kolab.example.com
                              3.11.10-200.fc19.x86_64 #1 SMP Mon Dec 2 20:28:03
                              UTC 2013 x86_64 x86_64
Alert Count                   1329
First Seen                    2013-12-05 14:36:00 PST
Last Seen                     2013-12-25 15:39:36 PST
Local ID                      2f11e7ab-b23a-4e62-a24e-5ab673f5a12e

Raw Audit Messages
type=AVC msg=audit(1388014776.740:4935): avc:  denied  { write } for  pid=1935
comm="kolab_smtp_acce" name="pykolab.log" dev="dm-4" ino=20840536
scontext=system_u:system_r:postfix_master_t:s0
tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file


type=SYSCALL msg=audit(1388014776.740:4935): arch=x86_64 syscall=utime
success=yes exit=0 a0=1915cb0 a1=0 a2=37dbfbbf88 a3=0 items=0 ppid=1934
pid=1935 auid=4294967295 uid=413 gid=413 euid=413 suid=413 fsuid=413 egid=413
sgid=413 fsgid=413 ses=4294967295 tty=(none) comm=kolab_smtp_acce
exe=/usr/bin/python2.7 subj=system_u:system_r:postfix_master_t:s0 key=(null)

Hash: kolab_smtp_acce,postfix_master_t,var_log_t,file,write

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kolabsys.com/pipermail/packaging-bugs/attachments/20131226/476f8834/attachment.htm>


More information about the packaging-bugs mailing list