| Summary: | sec-policy/selinux-asterisk needs permission to search /var/log directory | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Stan Sander <stsander> |
| Component: | SELinux | Assignee: | Sven Vermeulen (RETIRED) <swift> |
| Status: | VERIFIED FIXED | ||
| Severity: | normal | CC: | selinux |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | sec-policy r12 | ||
| Package list: | Runtime testing required: | --- | |
Thanks, added to repository, will be in rev 12 rev 12 in main tree, ~arch'ed stabilized |
asterisk needs permissions to search through /var/log. This is currently lacking in the policy. logging_search_logs(asterisk_t) should be added to the module. asterisk: ERROR[23298]: cdr_csv.c:318 in csv_log: Unable to re-open master file /var/log/asterisk//cdr-csv//Master.csv : Permission denied kernel: type=1400 audit(1360336362.858:209): avc: denied { search } for pid=23298 comm="asterisk" name="log" dev="sda3" ino=6291955 scontext=system_u:system_r:asterisk_t tcontext=system_u:object_r:var_log_t tclass=dir