[packaging] [Bug 2710] New: SELinux is preventing httpd from open access on the file /var/log/kolab-syncroton/sql

Kolab Bugzilla noreply at kolab.org
Thu Dec 26 04:06:40 CET 2013


https://issues.kolab.org/show_bug.cgi?id=2710

            Bug ID: 2710
           Summary: SELinux is preventing httpd from open access on the
                    file /var/log/kolab-syncroton/sql
    Classification: Kolab Server
           Product: Kolab Server
           Version: 3.1-next
          Hardware: PC
                OS: Mac OS
            Status: NEW
          Severity: normal
          Priority: P3
         Component: packaging - rpm - fedora
          Assignee: vanmeeuwen at kolabsys.com
          Reporter: brad.rubenstein at gmail.com
        QA Contact: packaging-bugs at lists.kolabsys.com
       Ticket Type: ---

OS: Fedora 19
kolab-syncroton-2.2.3-17.fc19.kolab_3.1.noarch

SELinux is preventing httpd from open access on the file
/var/log/kolab-syncroton/sql.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that httpd should be allowed open access on the sql file by
default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:httpd_t:s0
Target Context                unconfined_u:object_r:var_log_t:s0
Target Objects                /var/log/kolab-syncroton/sql [ file ]
Source                        httpd
Source Path                   httpd
Port                          <Unknown>
Host                          kolab.example.com
Source RPM Packages           httpd-2.4.6-2.fc19.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-74.15.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     kolab.example.com
Platform                      Linux kolab.example.com
                              3.11.10-200.fc19.x86_64 #1 SMP Mon Dec 2 20:28:03
                              UTC 2013 x86_64 x86_64
Alert Count                   531
First Seen                    2013-12-05 19:38:07 PST
Last Seen                     2013-12-25 15:25:35 PST
Local ID                      05f62937-8e23-4e64-9db9-4a6c2934dda0

Raw Audit Messages
type=AVC msg=audit(1388013935.667:4929): avc:  denied  { open } for  pid=28274
comm="httpd" path="/var/log/kolab-syncroton/sql" dev="dm-4" ino=20840529
scontext=system_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file


type=SYSCALL msg=audit(1388013935.667:4929): arch=x86_64 syscall=open
success=yes exit=EISDIR a0=7ff8e785bf28 a1=441 a2=1b6 a3=1c items=0 ppid=3060
pid=28274 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
sgid=48 fsgid=48 ses=4294967295 tty=(none) comm=httpd exe=/usr/sbin/httpd
subj=system_u:system_r:httpd_t:s0 key=(null)

Hash: httpd,httpd_t,var_log_t,file,open

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kolabsys.com/pipermail/packaging-bugs/attachments/20131226/9c6083f1/attachment.htm>


More information about the packaging-bugs mailing list