[CentOS] sqlinux weirdness

Sun Mar 4 02:03:05 UTC 2018
Fred Smith <fredex at fcshome.stoneham.ma.us>

Every now and then I get an alert like this one. I have no clue what this
"rear" subsystem is, or why madam would be trying to write to its log

Can anyone enlighten me?

thanks in advance!


SELinux is preventing /usr/sbin/mdadm from write access on the file /var/log/rear/rear-fcshome.log.lockless.

*****  Plugin restorecon (93.9 confidence) suggests   ************************

If you want to fix the label.
/var/log/rear/rear-fcshome.log.lockless default label should be var_log_t.
Then you can run restorecon.
# /sbin/restorecon -v /var/log/rear/rear-fcshome.log.lockless

*****  Plugin leaks (6.10 confidence) suggests   *****************************

If you want to ignore mdadm trying to write access the rear-fcshome.log.lockless file, because you believe it should not need this access.
Then you should report this as a bug.
You can generate a local policy module to dontaudit this access.
# ausearch -x /usr/sbin/mdadm --raw | audit2allow -D -M my-mdadm
# semodule -i my-mdadm.pp

*****  Plugin catchall (1.43 confidence) suggests   **************************

If you believe that mdadm should be allowed write access on the rear-fcshome.log.lockless file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'mdadm' --raw | audit2allow -M my-mdadm
# semodule -i my-mdadm.pp

Additional Information:
Source Context                system_u:system_r:mdadm_t:s0-s0:c0.c1023
Target Context                system_u:object_r:cron_log_t:s0
Target Objects                /var/log/rear/rear-fcshome.log.lockless [ file ]
Source                        mdadm
Source Path                   /usr/sbin/mdadm
Port                          <Unknown>
Host                          fcshome.stoneham.ma.us
Source RPM Packages           mdadm-4.0-5.el7.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.13.1-166.el7_4.7.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     fcshome.stoneham.ma.us
Platform                      Linux fcshome.stoneham.ma.us
                              3.10.0-693.17.1.el7.x86_64 #1 SMP Thu Jan 25
                              20:13:58 UTC 2018 x86_64 x86_64
Alert Count                   2550
First Seen                    2016-12-13 01:30:06 EST
Last Seen                     2018-03-03 01:30:07 EST
Local ID                      ce9a5be1-55a8-4ad2-bdd9-eefcb5fc7c5b

Raw Audit Messages
type=AVC msg=audit(1520058607.285:46041): avc:  denied  { write } for  pid=17471 comm="mdadm" path="/var/log/rear/rear-fcshome.log.lockless" dev="md126" ino=1368832 scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cron_log_t:s0 tclass=file

---- Fred Smith -- fredex at fcshome.stoneham.ma.us -----------------------------
                         God made him who had no sin
                      to be sin for us, so that in him
                 we might become the righteousness of God."
--------------------------- Corinthians 5:21 ---------------------------------