Ubuntu
selinux package

[hardy beta] unable to start syslog-ng if selinux is enforcing.

Bug #209773 reported by tgelter
2
Affects Status Importance Assigned to Milestone
selinux (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: selinux

Symptom:
root@guapuraT61:~# getenforce
Enforcing
root@guapuraT61:~# /etc/init.d/syslog-ng start
 * Starting system logging syslog-ng start-stop-daemon: Unable to start /sbin/syslog-ng: Permission denied (Permission denied)
                                                                         [fail]
root@guapuraT61:~# setenforce 0
root@guapuraT61:~# /etc/init.d/syslog-ng start
 * Starting system logging syslog-ng [ ok ]

Cause:
root@guapuraT61:~# dmesg
      <---snip--->
[ 2500.863873] audit(1206980642.829:117): security_compute_sid: invalid context unconfined_u:system_r:syslogd_t for scontext=unconfined_u:unconfined_r:unconfined_t tcontext=system_u:object_r:syslogd_exec_t tclass=process
[ 2508.737889] audit(1206980650.713:118): enforcing=0 old_enforcing=1 auid=4294967295
[ 2511.072712] audit(1206980653.053:119): security_compute_sid: invalid context unconfined_u:system_r:syslogd_t for scontext=unconfined_u:unconfined_r:unconfined_t tcontext=system_u:object_r:syslogd_exec_t tclass=process
[ 2511.072746] audit(1206980653.053:120): avc: denied { transition } for pid=11785 comm="start-stop-daem" path="/sbin/syslog-ng" dev=sda3 ino=10944541 scontext=unconfined_u:unconfined_r:unconfined_t tcontext=unconfined_u:system_r:syslogd_t tclass=process
     <---snip--->

Additional information:
root@guapuraT61:~# lsb_release -rd
Description: Ubuntu hardy (development branch)
Release: 8.04
   (All installed packages up to date as of today (post-beta release))

root@guapuraT61:~# apt-cache policy selinux selinux-policy selinux-policy-refpolicy selinux-policy-unconfined
selinux:
  Installed: 0.2
  Candidate: 0.2
  Version table:
 *** 0.2 0
        500 http://archive.ubuntu.com hardy/universe Packages
        100 /var/lib/dpkg/status
     0.1+ppa1 0
        500 http://ppa.launchpad.net hardy/main Packages
selinux-policy:
  Installed: (none)
  Candidate: (none)
  Version table:
selinux-policy-refpolicy:
  Installed: 0.0.20071214-0ubuntu2
  Candidate: 0.0.20071214-0ubuntu2
  Version table:
 *** 0.0.20071214-0ubuntu2 0
        500 http://archive.ubuntu.com hardy/universe Packages
        100 /var/lib/dpkg/status
selinux-policy-unconfined:
  Installed: (none)
  Candidate: (none)
  Version table:

Revision history for this message
tgelter (timothy-gelter) wrote :

This is nearly identical (only the target service differs) to bug #202983 (https://bugs.launchpad.net/ubuntu/+source/selinux/+bug/202983)

Revision history for this message
Caleb Case (calebcase) wrote :

Fixed in refpolicy 0.0.20071214-0ubuntu3

Changed in selinux:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.