On Sun, 04 Jan 2009 14:35:49 -0500 Daniel J Walsh dwalsh@redhat.com wrote:
The problem here looks like logwatch did not transition to system_mail_t when running sendmail.
Funnily enough I've had a similar issue with logrotate not transitioning to squid_t on Fedora 10:
type=AVC msg=audit(1231041733.717:646): avc: denied { read } for pid=6892 comm="squid" name="squid.conf" dev=dm-6 ino=147637 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:squid_conf_t:s0 tclass=file type=SYSCALL msg=audit(1231041733.717:646): arch=c000003e syscall=2 success=no exit=-13 a0=7f8b4a6bb260 a1=0 a2=1b6 a3=7f8b48be47b0 items=0 ppid=6891 pid=6892 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=101 comm="squid" exe="/usr/sbin/squid" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)
The result of this is the following email when logrotate runs:
/etc/cron.daily/logrotate:
2009/01/04 04:02:13| ALERT: initgroups: unable to set groups for User squid and Group 0 FATAL: Unable to open configuration file: /etc/squid/squid.conf: (13) Permission denied Squid Cache (Version 3.0.STABLE10): Terminated abnormally. CPU Usage: 0.032 seconds = 0.009 user + 0.023 sys Maximum Resident Size: 0 KB Page faults with physical i/o: 25
Paul.