http://bugzilla.opensuse.org/show_bug.cgi?id=1210066 Bug ID: 1210066 Summary: Logspam: SELinux is preventing systemd-journal from read access on the directory dbus.service. Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: aarch64 OS: openSUSE Tumbleweed Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: khanich.opensource@gmx.de QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- OS: openSUSE microOS Raspberry Pi 4 systemd-journald tries to access /sys/fs/cgroup/system.slice/dbus.service. This gets blocked by SELinux by default. Here is one of the log entries which I got via sealert: -------------------------------------------------------------------------------- SELinux is preventing systemd-journal from read access on the directory dbus.service. ***** Plugin catchall_boolean (89.3 confidence) suggests ****************** If you want to allow logging to syslogd list non security dirs Then you must tell SELinux about this by enabling the 'logging_syslogd_list_non_security_dirs' boolean. Do setsebool -P logging_syslogd_list_non_security_dirs 1 ***** Plugin catchall (11.6 confidence) suggests ************************** If you believe that systemd-journal should be allowed read access on the dbus.service directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'systemd-journal' --raw | audit2allow -M my-systemdjournal # semodule -X 300 -i my-systemdjournal.pp Additional Information: Source Context system_u:system_r:syslogd_t:s0 Target Context system_u:object_r:cgroup_t:s0 Target Objects dbus.service [ dir ] Source systemd-journal Source Path systemd-journal Port <Unknown> Host backupserver Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-20221019-9.1.noarch Local Policy RPM selinux-policy-targeted-20221019-9.1.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name backupserver Platform Linux backupserver 6.2.6-1-default #1 SMP PREEMPT_DYNAMIC Mon Mar 13 10:57:27 UTC 2023 (fa1a4c6) aarch64 aarch64 Alert Count 293 First Seen 2023-04-03 16:34:04 UTC Last Seen 2023-04-03 16:44:06 UTC Local ID faab6787-1eb1-499b-a834-61d1174f2239 Raw Audit Messages type=AVC msg=audit(1680540246.709:2998): avc: denied { read } for pid=952 comm="systemd-journal" name="dbus.service" dev="cgroup2" ino=1985 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=dir permissive=0 Hash: systemd-journal,syslogd_t,cgroup_t,dir,read -------------------------------------------------------------------------------- While if it would only be one entry, this wouldn't be too bad (although I would very much go and research why it wants to access that), journald tries to access this every 2 seconds and as such I get a log entry every 2 seconds. At that point it's just spam because it drowns out every other log message. Considering that besides me installing some SELinux tools to debug this better, I didn't change anything about the configuration. -- You are receiving this mail because: You are on the CC list for the bug.