Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 156760 Details for
Bug 242168
dovecot selinux exception(s)
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
Saved alerts
selinux_alert.txt (text/plain), 34.95 KB, created by
Christophe Lambin
on 2007-06-11 21:28:08 UTC
(
hide
)
Description:
Saved alerts
Filename:
MIME Type:
Creator:
Christophe Lambin
Created:
2007-06-11 21:28:08 UTC
Size:
34.95 KB
patch
obsolete
>Summary > SELinux is preventing access to files with the default label, default_t. > >Detailed Description > SELinux permission checks on files labeled default_t are being denied. > These files/directories have the default label on them. This can indicate a > labeling problem, especially if the files being referred to are not top > level directories. Any files/directories under standard system directories, > /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. > The default label is for files/directories which do not have a label on a > parent directory. So if you create a new directory in / you might > legitimately get this label. > >Allowing Access > If you want a confined domain to use these files you will probably need to > relabel the file/directory with chcon. In some cases it is just easier to > relabel the system, to relabel execute: "touch /.autorelabel; reboot" > >Additional Information > >Source Context user_u:system_r:dovecot_t >Target Context user_u:object_r:default_t >Target Objects .temp.lazarus.localdomain.7005.847793e7e15c9d85 [ > file ] >Affected RPM Packages dovecot-1.0.0-11.fc7 [application] >Policy RPM selinux-policy-2.6.4-13.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.default >Host Name lazarus.localdomain >Platform Linux lazarus.localdomain 2.6.21-1.3194.fc7 #1 SMP > Wed May 23 22:35:01 EDT 2007 i686 i686 >Alert Count 1 >First Seen Mon 11 Jun 2007 11:16:30 PM CEST >Last Seen Mon 11 Jun 2007 11:16:30 PM CEST >Local ID 05d6b87b-2331-49e0-963c-f32de50263a9 >Line Numbers > >Raw Audit Messages > >avc: denied { link } for comm="imap" dev=dm-1 egid=500 euid=500 >exe="/usr/libexec/dovecot/imap" exit=0 fsgid=500 fsuid=500 gid=500 items=0 >name=".temp.lazarus.localdomain.7005.847793e7e15c9d85" pid=7005 >scontext=user_u:system_r:dovecot_t:s0 sgid=500 subj=user_u:system_r:dovecot_t:s0 >suid=500 tclass=file tcontext=user_u:object_r:default_t:s0 tty=(none) uid=500 > > >Summary > SELinux is preventing access to files with the default label, default_t. > >Detailed Description > SELinux permission checks on files labeled default_t are being denied. > These files/directories have the default label on them. This can indicate a > labeling problem, especially if the files being referred to are not top > level directories. Any files/directories under standard system directories, > /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. > The default label is for files/directories which do not have a label on a > parent directory. So if you create a new directory in / you might > legitimately get this label. > >Allowing Access > If you want a confined domain to use these files you will probably need to > relabel the file/directory with chcon. In some cases it is just easier to > relabel the system, to relabel execute: "touch /.autorelabel; reboot" > >Additional Information > >Source Context user_u:system_r:dovecot_t >Target Context user_u:object_r:default_t >Target Objects .temp.lazarus.localdomain.7005.847793e7e15c9d85 [ > file ] >Affected RPM Packages dovecot-1.0.0-11.fc7 [application] >Policy RPM selinux-policy-2.6.4-13.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.default >Host Name lazarus.localdomain >Platform Linux lazarus.localdomain 2.6.21-1.3194.fc7 #1 SMP > Wed May 23 22:35:01 EDT 2007 i686 i686 >Alert Count 1 >First Seen Mon 11 Jun 2007 11:16:30 PM CEST >Last Seen Mon 11 Jun 2007 11:16:30 PM CEST >Local ID bad38902-ccb7-4f81-87b9-dc39f46959f6 >Line Numbers > >Raw Audit Messages > >avc: denied { create } for comm="imap" egid=500 euid=500 >exe="/usr/libexec/dovecot/imap" exit=6 fsgid=500 fsuid=500 gid=500 items=0 >name=".temp.lazarus.localdomain.7005.847793e7e15c9d85" pid=7005 >scontext=user_u:system_r:dovecot_t:s0 sgid=500 subj=user_u:system_r:dovecot_t:s0 >suid=500 tclass=file tcontext=user_u:object_r:default_t:s0 tty=(none) uid=500 > > >Summary > SELinux is preventing access to files with the default label, default_t. > >Detailed Description > SELinux permission checks on files labeled default_t are being denied. > These files/directories have the default label on them. This can indicate a > labeling problem, especially if the files being referred to are not top > level directories. Any files/directories under standard system directories, > /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. > The default label is for files/directories which do not have a label on a > parent directory. So if you create a new directory in / you might > legitimately get this label. > >Allowing Access > If you want a confined domain to use these files you will probably need to > relabel the file/directory with chcon. In some cases it is just easier to > relabel the system, to relabel execute: "touch /.autorelabel; reboot" > >Additional Information > >Source Context user_u:system_r:dovecot_t >Target Context system_u:object_r:default_t >Target Objects .subscriptions [ file ] >Affected RPM Packages dovecot-1.0.0-11.fc7 [application] >Policy RPM selinux-policy-2.6.4-13.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.default >Host Name lazarus.localdomain >Platform Linux lazarus.localdomain 2.6.21-1.3194.fc7 #1 SMP > Wed May 23 22:35:01 EDT 2007 i686 i686 >Alert Count 1 >First Seen Mon 11 Jun 2007 11:16:30 PM CEST >Last Seen Mon 11 Jun 2007 11:16:30 PM CEST >Local ID a48f9d9e-0285-48da-b420-312f19949479 >Line Numbers > >Raw Audit Messages > >avc: denied { read } for comm="imap" dev=dm-1 egid=500 euid=500 >exe="/usr/libexec/dovecot/imap" exit=6 fsgid=500 fsuid=500 gid=500 items=0 >name=".subscriptions" pid=7005 scontext=user_u:system_r:dovecot_t:s0 sgid=500 >subj=user_u:system_r:dovecot_t:s0 suid=500 tclass=file >tcontext=system_u:object_r:default_t:s0 tty=(none) uid=500 > > >Summary > SELinux is preventing access to files with the default label, default_t. > >Detailed Description > SELinux permission checks on files labeled default_t are being denied. > These files/directories have the default label on them. This can indicate a > labeling problem, especially if the files being referred to are not top > level directories. Any files/directories under standard system directories, > /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. > The default label is for files/directories which do not have a label on a > parent directory. So if you create a new directory in / you might > legitimately get this label. > >Allowing Access > If you want a confined domain to use these files you will probably need to > relabel the file/directory with chcon. In some cases it is just easier to > relabel the system, to relabel execute: "touch /.autorelabel; reboot" > >Additional Information > >Source Context user_u:system_r:dovecot_t >Target Context system_u:object_r:default_t >Target Objects /home/clambin/Mail/pan-announce [ file ] >Affected RPM Packages dovecot-1.0.0-11.fc7 [application] >Policy RPM selinux-policy-2.6.4-13.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.default >Host Name lazarus.localdomain >Platform Linux lazarus.localdomain 2.6.21-1.3194.fc7 #1 SMP > Wed May 23 22:35:01 EDT 2007 i686 i686 >Alert Count 1 >First Seen Mon 11 Jun 2007 11:16:30 PM CEST >Last Seen Mon 11 Jun 2007 11:16:30 PM CEST >Local ID accedaa6-de72-4f4c-a7aa-0e399dde8e12 >Line Numbers > >Raw Audit Messages > >avc: denied { getattr } for comm="imap" dev=dm-1 egid=500 euid=500 >exe="/usr/libexec/dovecot/imap" exit=0 fsgid=500 fsuid=500 gid=500 items=0 name >="pan-announce" path="/home/clambin/Mail/pan-announce" pid=7005 >scontext=user_u:system_r:dovecot_t:s0 sgid=500 subj=user_u:system_r:dovecot_t:s0 >suid=500 tclass=file tcontext=system_u:object_r:default_t:s0 tty=(none) uid=500 > > >Summary > SELinux is preventing access to files with the default label, default_t. > >Detailed Description > SELinux permission checks on files labeled default_t are being denied. > These files/directories have the default label on them. This can indicate a > labeling problem, especially if the files being referred to are not top > level directories. Any files/directories under standard system directories, > /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. > The default label is for files/directories which do not have a label on a > parent directory. So if you create a new directory in / you might > legitimately get this label. > >Allowing Access > If you want a confined domain to use these files you will probably need to > relabel the file/directory with chcon. In some cases it is just easier to > relabel the system, to relabel execute: "touch /.autorelabel; reboot" > >Additional Information > >Source Context user_u:system_r:dovecot_t >Target Context user_u:object_r:default_t >Target Objects Drafts [ dir ] >Affected RPM Packages dovecot-1.0.0-11.fc7 [application] >Policy RPM selinux-policy-2.6.4-13.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.default >Host Name lazarus.localdomain >Platform Linux lazarus.localdomain 2.6.21-1.3194.fc7 #1 SMP > Wed May 23 22:35:01 EDT 2007 i686 i686 >Alert Count 1 >First Seen Mon 11 Jun 2007 11:16:30 PM CEST >Last Seen Mon 11 Jun 2007 11:16:30 PM CEST >Local ID 50875f7a-7211-4799-8ad1-45494f6834f0 >Line Numbers > >Raw Audit Messages > >avc: denied { add_name } for comm="imap" dev=dm-1 egid=500 euid=500 >exe="/usr/libexec/dovecot/imap" exit=0 fsgid=500 fsuid=500 gid=500 items=0 >name="Drafts" pid=7005 scontext=user_u:system_r:dovecot_t:s0 sgid=500 >subj=user_u:system_r:dovecot_t:s0 suid=500 tclass=dir >tcontext=user_u:object_r:default_t:s0 tty=(none) uid=500 > > >Summary > SELinux is preventing access to files with the default label, default_t. > >Detailed Description > SELinux permission checks on files labeled default_t are being denied. > These files/directories have the default label on them. This can indicate a > labeling problem, especially if the files being referred to are not top > level directories. Any files/directories under standard system directories, > /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. > The default label is for files/directories which do not have a label on a > parent directory. So if you create a new directory in / you might > legitimately get this label. > >Allowing Access > If you want a confined domain to use these files you will probably need to > relabel the file/directory with chcon. In some cases it is just easier to > relabel the system, to relabel execute: "touch /.autorelabel; reboot" > >Additional Information > >Source Context user_u:system_r:dovecot_t >Target Context user_u:object_r:default_t >Target Objects .imap [ dir ] >Affected RPM Packages dovecot-1.0.0-11.fc7 [application] >Policy RPM selinux-policy-2.6.4-13.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.default >Host Name lazarus.localdomain >Platform Linux lazarus.localdomain 2.6.21-1.3194.fc7 #1 SMP > Wed May 23 22:35:01 EDT 2007 i686 i686 >Alert Count 1 >First Seen Mon 11 Jun 2007 11:16:30 PM CEST >Last Seen Mon 11 Jun 2007 11:16:30 PM CEST >Local ID cd352c15-01bb-4bc6-b39c-5355d292863e >Line Numbers > >Raw Audit Messages > >avc: denied { create } for comm="imap" dev=dm-1 egid=500 euid=500 >exe="/usr/libexec/dovecot/imap" exit=0 fsgid=500 fsuid=500 gid=500 items=0 >name=".imap" pid=7005 scontext=user_u:system_r:dovecot_t:s0 sgid=500 >subj=user_u:system_r:dovecot_t:s0 suid=500 tclass=dir >tcontext=user_u:object_r:default_t:s0 tty=(none) uid=500 > > >Summary > SELinux is preventing /usr/sbin/dovecot (dovecot_t) "search" to mnt (mnt_t). > >Detailed Description > SELinux denied access requested by /usr/sbin/dovecot. It is not expected > that this access is required by /usr/sbin/dovecot and this access may signal > an intrusion attempt. It is also possible that the specific version or > configuration of the application is causing it to require additional access. > >Allowing Access > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for mnt, restorecon -v mnt If this > does not work, there is currently no automatic way to allow this access. > Instead, you can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context user_u:system_r:dovecot_t >Target Context system_u:object_r:mnt_t >Target Objects mnt [ dir ] >Affected RPM Packages dovecot-1.0.0-11.fc7 > [application]filesystem-2.4.6-1.fc7 [target] >Policy RPM selinux-policy-2.6.4-13.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall_file >Host Name lazarus.localdomain >Platform Linux lazarus.localdomain 2.6.21-1.3194.fc7 #1 SMP > Wed May 23 22:35:01 EDT 2007 i686 i686 >Alert Count 1 >First Seen Mon 11 Jun 2007 11:16:30 PM CEST >Last Seen Mon 11 Jun 2007 11:16:30 PM CEST >Local ID be7ae7d8-e2a9-4161-bd69-dd8bdd6d66b1 >Line Numbers > >Raw Audit Messages > >avc: denied { search } for comm="dovecot" dev=dm-0 egid=500 euid=0 >exe="/usr/sbin/dovecot" exit=0 fsgid=500 fsuid=0 gid=0 items=0 name="mnt" >pid=7005 scontext=user_u:system_r:dovecot_t:s0 sgid=0 >subj=user_u:system_r:dovecot_t:s0 suid=0 tclass=dir >tcontext=system_u:object_r:mnt_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing access to files with the default label, default_t. > >Detailed Description > SELinux permission checks on files labeled default_t are being denied. > These files/directories have the default label on them. This can indicate a > labeling problem, especially if the files being referred to are not top > level directories. Any files/directories under standard system directories, > /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. > The default label is for files/directories which do not have a label on a > parent directory. So if you create a new directory in / you might > legitimately get this label. > >Allowing Access > If you want a confined domain to use these files you will probably need to > relabel the file/directory with chcon. In some cases it is just easier to > relabel the system, to relabel execute: "touch /.autorelabel; reboot" > >Additional Information > >Source Context user_u:system_r:dovecot_t >Target Context user_u:object_r:default_t >Target Objects /home/clambin/Mail/.imap/Drafts/.temp.lazarus.loca > ldomain.7005.847793e7e15c9d85 (deleted) [ file ] >Affected RPM Packages dovecot-1.0.0-11.fc7 [application] >Policy RPM selinux-policy-2.6.4-13.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.default >Host Name lazarus.localdomain >Platform Linux lazarus.localdomain 2.6.21-1.3194.fc7 #1 SMP > Wed May 23 22:35:01 EDT 2007 i686 i686 >Alert Count 1 >First Seen Mon 11 Jun 2007 11:16:30 PM CEST >Last Seen Mon 11 Jun 2007 11:16:30 PM CEST >Local ID 018aad93-115d-4048-8787-dbbe7f37ef36 >Line Numbers > >Raw Audit Messages > >avc: denied { read } for comm="imap" dev=dm-1 egid=500 euid=500 >exe="/usr/libexec/dovecot/imap" exit=24 fsgid=500 fsuid=500 gid=500 items=0 >name=".temp.lazarus.localdomain.7005.847793e7e15c9d85" path=2F686F6D652F636C616D >62696E2F4D61696C2F2E696D61702F4472616674732F2E74656D702E6C617A617275732E6C6F6361 >6C646F6D61696E2E373030352E38343737393365376531356339643835202864656C6574656429 >pid=7005 scontext=user_u:system_r:dovecot_t:s0 sgid=500 >subj=user_u:system_r:dovecot_t:s0 suid=500 tclass=file >tcontext=user_u:object_r:default_t:s0 tty=(none) uid=500 > > >Summary > SELinux is preventing access to files with the default label, default_t. > >Detailed Description > SELinux permission checks on files labeled default_t are being denied. > These files/directories have the default label on them. This can indicate a > labeling problem, especially if the files being referred to are not top > level directories. Any files/directories under standard system directories, > /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. > The default label is for files/directories which do not have a label on a > parent directory. So if you create a new directory in / you might > legitimately get this label. > >Allowing Access > If you want a confined domain to use these files you will probably need to > relabel the file/directory with chcon. In some cases it is just easier to > relabel the system, to relabel execute: "touch /.autorelabel; reboot" > >Additional Information > >Source Context user_u:system_r:dovecot_t >Target Context user_u:object_r:default_t >Target Objects /home/clambin/Mail/.imap/Drafts/.temp.lazarus.loca > ldomain.7005.847793e7e15c9d85 (deleted) [ file ] >Affected RPM Packages dovecot-1.0.0-11.fc7 [application] >Policy RPM selinux-policy-2.6.4-13.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.default >Host Name lazarus.localdomain >Platform Linux lazarus.localdomain 2.6.21-1.3194.fc7 #1 SMP > Wed May 23 22:35:01 EDT 2007 i686 i686 >Alert Count 1 >First Seen Mon 11 Jun 2007 11:16:30 PM CEST >Last Seen Mon 11 Jun 2007 11:16:30 PM CEST >Local ID a642f68c-6239-4dcb-9f13-74507d26f0d5 >Line Numbers > >Raw Audit Messages > >avc: denied { lock } for comm="imap" dev=dm-1 egid=500 euid=500 >exe="/usr/libexec/dovecot/imap" exit=0 fsgid=500 fsuid=500 gid=500 items=0 >name=".temp.lazarus.localdomain.7005.847793e7e15c9d85" path=2F686F6D652F636C616D >62696E2F4D61696C2F2E696D61702F4472616674732F2E74656D702E6C617A617275732E6C6F6361 >6C646F6D61696E2E373030352E38343737393365376531356339643835202864656C6574656429 >pid=7005 scontext=user_u:system_r:dovecot_t:s0 sgid=500 >subj=user_u:system_r:dovecot_t:s0 suid=500 tclass=file >tcontext=user_u:object_r:default_t:s0 tty=(none) uid=500 > > >Summary > SELinux is preventing access to files with the default label, default_t. > >Detailed Description > SELinux permission checks on files labeled default_t are being denied. > These files/directories have the default label on them. This can indicate a > labeling problem, especially if the files being referred to are not top > level directories. Any files/directories under standard system directories, > /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. > The default label is for files/directories which do not have a label on a > parent directory. So if you create a new directory in / you might > legitimately get this label. > >Allowing Access > If you want a confined domain to use these files you will probably need to > relabel the file/directory with chcon. In some cases it is just easier to > relabel the system, to relabel execute: "touch /.autorelabel; reboot" > >Additional Information > >Source Context user_u:system_r:dovecot_t >Target Context system_u:object_r:default_t >Target Objects Drafts [ file ] >Affected RPM Packages dovecot-1.0.0-11.fc7 [application] >Policy RPM selinux-policy-2.6.4-13.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.default >Host Name lazarus.localdomain >Platform Linux lazarus.localdomain 2.6.21-1.3194.fc7 #1 SMP > Wed May 23 22:35:01 EDT 2007 i686 i686 >Alert Count 1 >First Seen Mon 11 Jun 2007 11:16:30 PM CEST >Last Seen Mon 11 Jun 2007 11:16:30 PM CEST >Local ID 2f283993-aa9a-497e-975e-843506cbe940 >Line Numbers > >Raw Audit Messages > >avc: denied { write } for comm="imap" dev=dm-1 egid=500 euid=500 >exe="/usr/libexec/dovecot/imap" exit=0 fsgid=500 fsuid=500 gid=500 items=0 >name="Drafts" pid=7005 scontext=user_u:system_r:dovecot_t:s0 sgid=500 >subj=user_u:system_r:dovecot_t:s0 suid=500 tclass=file >tcontext=system_u:object_r:default_t:s0 tty=(none) uid=500 > > >Summary > SELinux is preventing access to files with the default label, default_t. > >Detailed Description > SELinux permission checks on files labeled default_t are being denied. > These files/directories have the default label on them. This can indicate a > labeling problem, especially if the files being referred to are not top > level directories. Any files/directories under standard system directories, > /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. > The default label is for files/directories which do not have a label on a > parent directory. So if you create a new directory in / you might > legitimately get this label. > >Allowing Access > If you want a confined domain to use these files you will probably need to > relabel the file/directory with chcon. In some cases it is just easier to > relabel the system, to relabel execute: "touch /.autorelabel; reboot" > >Additional Information > >Source Context user_u:system_r:dovecot_t >Target Context system_u:object_r:default_t >Target Objects /home/clambin/Mail/Drafts [ file ] >Affected RPM Packages dovecot-1.0.0-11.fc7 [application] >Policy RPM selinux-policy-2.6.4-13.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.default >Host Name lazarus.localdomain >Platform Linux lazarus.localdomain 2.6.21-1.3194.fc7 #1 SMP > Wed May 23 22:35:01 EDT 2007 i686 i686 >Alert Count 1 >First Seen Mon 11 Jun 2007 11:16:30 PM CEST >Last Seen Mon 11 Jun 2007 11:16:30 PM CEST >Local ID 86f879a0-f9bc-4fab-93e1-244bdc5ac71b >Line Numbers > >Raw Audit Messages > >avc: denied { lock } for comm="imap" dev=dm-1 egid=500 euid=500 >exe="/usr/libexec/dovecot/imap" exit=0 fsgid=500 fsuid=500 gid=500 items=0 >name="Drafts" path="/home/clambin/Mail/Drafts" pid=7005 >scontext=user_u:system_r:dovecot_t:s0 sgid=500 subj=user_u:system_r:dovecot_t:s0 >suid=500 tclass=file tcontext=system_u:object_r:default_t:s0 tty=(none) uid=500 > > >Summary > SELinux is preventing access to files with the default label, default_t. > >Detailed Description > SELinux permission checks on files labeled default_t are being denied. > These files/directories have the default label on them. This can indicate a > labeling problem, especially if the files being referred to are not top > level directories. Any files/directories under standard system directories, > /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. > The default label is for files/directories which do not have a label on a > parent directory. So if you create a new directory in / you might > legitimately get this label. > >Allowing Access > If you want a confined domain to use these files you will probably need to > relabel the file/directory with chcon. In some cases it is just easier to > relabel the system, to relabel execute: "touch /.autorelabel; reboot" > >Additional Information > >Source Context user_u:system_r:dovecot_t >Target Context user_u:object_r:default_t >Target Objects .temp.lazarus.localdomain.7005.847793e7e15c9d85 [ > file ] >Affected RPM Packages dovecot-1.0.0-11.fc7 [application] >Policy RPM selinux-policy-2.6.4-13.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.default >Host Name lazarus.localdomain >Platform Linux lazarus.localdomain 2.6.21-1.3194.fc7 #1 SMP > Wed May 23 22:35:01 EDT 2007 i686 i686 >Alert Count 1 >First Seen Mon 11 Jun 2007 11:16:30 PM CEST >Last Seen Mon 11 Jun 2007 11:16:30 PM CEST >Local ID 6e22a5a9-3784-48fe-ab50-0abe0d7b5ca8 >Line Numbers > >Raw Audit Messages > >avc: denied { unlink } for comm="imap" dev=dm-1 egid=500 euid=500 >exe="/usr/libexec/dovecot/imap" exit=0 fsgid=500 fsuid=500 gid=500 items=0 >name=".temp.lazarus.localdomain.7005.847793e7e15c9d85" pid=7005 >scontext=user_u:system_r:dovecot_t:s0 sgid=500 subj=user_u:system_r:dovecot_t:s0 >suid=500 tclass=file tcontext=user_u:object_r:default_t:s0 tty=(none) uid=500 > > >Summary > SELinux is preventing access to files with the default label, default_t. > >Detailed Description > SELinux permission checks on files labeled default_t are being denied. > These files/directories have the default label on them. This can indicate a > labeling problem, especially if the files being referred to are not top > level directories. Any files/directories under standard system directories, > /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. > The default label is for files/directories which do not have a label on a > parent directory. So if you create a new directory in / you might > legitimately get this label. > >Allowing Access > If you want a confined domain to use these files you will probably need to > relabel the file/directory with chcon. In some cases it is just easier to > relabel the system, to relabel execute: "touch /.autorelabel; reboot" > >Additional Information > >Source Context user_u:system_r:dovecot_t >Target Context user_u:object_r:default_t >Target Objects /home/clambin/Mail/.imap/Drafts/.temp.lazarus.loca > ldomain.7005.847793e7e15c9d85 (deleted) [ file ] >Affected RPM Packages dovecot-1.0.0-11.fc7 [application] >Policy RPM selinux-policy-2.6.4-13.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.default >Host Name lazarus.localdomain >Platform Linux lazarus.localdomain 2.6.21-1.3194.fc7 #1 SMP > Wed May 23 22:35:01 EDT 2007 i686 i686 >Alert Count 1 >First Seen Mon 11 Jun 2007 11:16:30 PM CEST >Last Seen Mon 11 Jun 2007 11:16:30 PM CEST >Local ID 969254bc-3e15-4ac1-9608-68486f7da9e1 >Line Numbers > >Raw Audit Messages > >avc: denied { getattr } for comm="imap" dev=dm-1 egid=500 euid=500 >exe="/usr/libexec/dovecot/imap" exit=0 fsgid=500 fsuid=500 gid=500 items=0 >name=".temp.lazarus.localdomain.7005.847793e7e15c9d85" path=2F686F6D652F636C616D >62696E2F4D61696C2F2E696D61702F4472616674732F2E74656D702E6C617A617275732E6C6F6361 >6C646F6D61696E2E373030352E38343737393365376531356339643835202864656C6574656429 >pid=7005 scontext=user_u:system_r:dovecot_t:s0 sgid=500 >subj=user_u:system_r:dovecot_t:s0 suid=500 tclass=file >tcontext=user_u:object_r:default_t:s0 tty=(none) uid=500 > > >Summary > SELinux is preventing access to files with the default label, default_t. > >Detailed Description > SELinux permission checks on files labeled default_t are being denied. > These files/directories have the default label on them. This can indicate a > labeling problem, especially if the files being referred to are not top > level directories. Any files/directories under standard system directories, > /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. > The default label is for files/directories which do not have a label on a > parent directory. So if you create a new directory in / you might > legitimately get this label. > >Allowing Access > If you want a confined domain to use these files you will probably need to > relabel the file/directory with chcon. In some cases it is just easier to > relabel the system, to relabel execute: "touch /.autorelabel; reboot" > >Additional Information > >Source Context user_u:system_r:dovecot_t >Target Context user_u:object_r:default_t >Target Objects /home/clambin/Mail/.imap/Drafts/.temp.lazarus.loca > ldomain.7005.847793e7e15c9d85 (deleted) [ file ] >Affected RPM Packages dovecot-1.0.0-11.fc7 [application] >Policy RPM selinux-policy-2.6.4-13.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.default >Host Name lazarus.localdomain >Platform Linux lazarus.localdomain 2.6.21-1.3194.fc7 #1 SMP > Wed May 23 22:35:01 EDT 2007 i686 i686 >Alert Count 1 >First Seen Mon 11 Jun 2007 11:16:30 PM CEST >Last Seen Mon 11 Jun 2007 11:16:30 PM CEST >Local ID cfa3d466-6dc2-49ae-ac12-9e8988ce4a66 >Line Numbers > >Raw Audit Messages > >avc: denied { write } for comm="imap" dev=dm-1 egid=500 euid=500 >exe="/usr/libexec/dovecot/imap" exit=24 fsgid=500 fsuid=500 gid=500 items=0 >name=".temp.lazarus.localdomain.7005.847793e7e15c9d85" path=2F686F6D652F636C616D >62696E2F4D61696C2F2E696D61702F4472616674732F2E74656D702E6C617A617275732E6C6F6361 >6C646F6D61696E2E373030352E38343737393365376531356339643835202864656C6574656429 >pid=7005 scontext=user_u:system_r:dovecot_t:s0 sgid=500 >subj=user_u:system_r:dovecot_t:s0 suid=500 tclass=file >tcontext=user_u:object_r:default_t:s0 tty=(none) uid=500 > > >Summary > SELinux is preventing access to files with the default label, default_t. > >Detailed Description > SELinux permission checks on files labeled default_t are being denied. > These files/directories have the default label on them. This can indicate a > labeling problem, especially if the files being referred to are not top > level directories. Any files/directories under standard system directories, > /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. > The default label is for files/directories which do not have a label on a > parent directory. So if you create a new directory in / you might > legitimately get this label. > >Allowing Access > If you want a confined domain to use these files you will probably need to > relabel the file/directory with chcon. In some cases it is just easier to > relabel the system, to relabel execute: "touch /.autorelabel; reboot" > >Additional Information > >Source Context user_u:system_r:dovecot_t >Target Context user_u:object_r:default_t >Target Objects dovecot.index.log.newlock [ file ] >Affected RPM Packages dovecot-1.0.0-11.fc7 [application] >Policy RPM selinux-policy-2.6.4-13.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.default >Host Name lazarus.localdomain >Platform Linux lazarus.localdomain 2.6.21-1.3194.fc7 #1 SMP > Wed May 23 22:35:01 EDT 2007 i686 i686 >Alert Count 1 >First Seen Mon 11 Jun 2007 11:16:30 PM CEST >Last Seen Mon 11 Jun 2007 11:16:30 PM CEST >Local ID f837040f-5c57-4262-85f2-24b9e02e3295 >Line Numbers > >Raw Audit Messages > >avc: denied { rename } for comm="imap" dev=dm-1 egid=500 euid=500 >exe="/usr/libexec/dovecot/imap" exit=0 fsgid=500 fsuid=500 gid=500 items=0 >name="dovecot.index.log.newlock" pid=7005 scontext=user_u:system_r:dovecot_t:s0 >sgid=500 subj=user_u:system_r:dovecot_t:s0 suid=500 tclass=file >tcontext=user_u:object_r:default_t:s0 tty=(none) uid=500 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=156760">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 242168
: 156760 |
156810
|
156902