Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 852296

Summary: sec-policy/selinux-usbguard doesn't allow access to logfile (with <sys-apps/usbguard-1.1.1-r3)
Product: Gentoo Linux Reporter: herypt
Component: SELinuxAssignee: SE Linux Bugs <selinux>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description herypt 2022-06-16 07:24:46 UTC 
The SELinux policy assumes that the logfile for USBGuard is stored in /var/log/usbguard, but it's actually stored in /var/lib/log/usbguard

Reproducible: Always




type=AVC msg=audit(1655363620.660:467): avc:  denied  { search } for  pid=2277 comm="usbguard-daemon" name="lib" dev="sda2" ino=74106 scontext=system_u:system_r:usbguard_t tcontext=system_u:object_r:var_lib_t tclass=dir permissive=1
type=AVC msg=audit(1655363620.660:467): avc:  denied  { append } for  pid=2277 comm="usbguard-daemon" name="usbguard-audit.log" dev="sda2" ino=1502202 scontext=system_u:system_r:usbguard_t tcontext=system_u:object_r:var_lib_t tclass=file permissive=1
type=AVC msg=audit(1655363620.660:467): avc:  denied  { open } for  pid=2277 comm="usbguard-daemon" path="/var/lib/log/usbguard/usbguard-audit.log" dev="sda2" ino=1502202 scontext=system_u:system_r:usbguard_t tcontext=system_u:object_r:var_lib_t tclass=file permissive=1
Comment 1 Larry the Git Cow gentoo-dev 2022-06-19 16:21:28 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=74e9230d7a8008f0d80dab7ef96e0a814c501946

commit 74e9230d7a8008f0d80dab7ef96e0a814c501946
Author:     Sebastian Pipping <sping@gentoo.org>
AuthorDate: 2022-06-19 16:00:03 +0000
Commit:     Sebastian Pipping <sping@gentoo.org>
CommitDate: 2022-06-19 16:20:27 +0000

    sys-apps/usbguard: Make logs go to /var/log not /var/lib/log
    
    As discussed with concord on IRC.
    Bug: https://bugs.gentoo.org/852296
    Signed-off-by: Sebastian Pipping <sping@gentoo.org>
    Package-Manager: Portage-3.0.30, Repoman-3.0.3

 sys-apps/usbguard/usbguard-1.1.1-r3.ebuild | 99 ++++++++++++++++++++++++++++++
 1 file changed, 99 insertions(+)