456194 – sec-policy/selinux-asterisk needs permission to search /var/log directory

Bug 456194 - sec-policy/selinux-asterisk needs permission to search /var/log directory

Summary: sec-policy/selinux-asterisk needs permission to search /var/log directory

Status:	VERIFIED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	SELinux (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Sven Vermeulen (RETIRED)

URL:
Whiteboard:	sec-policy r12
Keywords:

Depends on:
Blocks:

Reported:	2013-02-08 17:08 UTC by Stan Sander
Modified:	2013-03-29 10:55 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stan Sander 2013-02-08 17:08:50 UTC

asterisk needs permissions to search through /var/log.  This is currently lacking in the policy. logging_search_logs(asterisk_t) should be added to the module.

asterisk: ERROR[23298]: cdr_csv.c:318 in csv_log: Unable to re-open master file /var/log/asterisk//cdr-csv//Master.csv : Permission denied

kernel: type=1400 audit(1360336362.858:209): avc:  denied  { search } for  pid=23298 comm="asterisk" name="log" dev="sda3" ino=6291955 scontext=system_u:system_r:asterisk_t tcontext=system_u:object_r:var_log_t tclass=dir

Comment 1 Sven Vermeulen (RETIRED) gentoo-dev

2013-02-08 18:48:38 UTC

Thanks, added to repository, will be in rev 12

Comment 2 Sven Vermeulen (RETIRED) gentoo-dev

2013-03-09 12:41:46 UTC

rev 12 in main tree, ~arch'ed

Comment 3 Sven Vermeulen (RETIRED) gentoo-dev

2013-03-29 10:55:20 UTC

stabilized