Bug 1047295
| Summary: | SELinux is preventing /usr/libexec/postfix/local from using the 'execstack' accesses on a process. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Nicolas Mailhot <nicolas.mailhot> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | dominick.grift, dwalsh, lvrabec, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:bd16fbbabd7cb7581347cbf6053fd0a8f4542015d8dba0a8a896f397b211ba42 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-01-02 21:34:50 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 1045699 *** |
Description of problem: SELinux is preventing /usr/libexec/postfix/local from using the 'execstack' accesses on a process. ***** Plugin catchall (100. confidence) suggests ************************** If vous pensez que local devrait être autorisé à accéder execstack sur les processus étiquetés postfix_local_t par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep local /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:postfix_local_t:s0 Target Context system_u:system_r:postfix_local_t:s0 Target Objects [ process ] Source local Source Path /usr/libexec/postfix/local Port <Unknown> Host (removed) Source RPM Packages postfix-2.10.2-2.fc21.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-10.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.13.0-0.rc3.git5.1.fc21.x86_64 #1 SMP Sat Dec 14 15:06:01 UTC 2013 x86_64 x86_64 Alert Count 1 First Seen 2013-12-30 11:23:49 CET Last Seen 2013-12-30 11:23:49 CET Local ID b793c1ee-74dc-4377-90d3-9431de845352 Raw Audit Messages type=AVC msg=audit(1388399029.453:82008): avc: denied { execstack } for pid=31246 comm="local" scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=process type=AVC msg=audit(1388399029.453:82008): avc: denied { execmem } for pid=31246 comm="local" scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=process type=SYSCALL msg=audit(1388399029.453:82008): arch=x86_64 syscall=mprotect success=yes exit=0 a0=7fff40b7d000 a1=1000 a2=1000007 a3=0 items=0 ppid=30818 pid=31246 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=local exe=/usr/libexec/postfix/local subj=system_u:system_r:postfix_local_t:s0 key=(null) Hash: local,postfix_local_t,postfix_local_t,process,execstack Additional info: reporter: libreport-2.1.10 hashmarkername: setroubleshoot kernel: 3.13.0-0.rc3.git5.1.fc21.x86_64 type: libreport