Bug 1047309
| Summary: | SELinux is preventing /usr/sbin/postdrop from using the 'execstack' accesses on a process. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Nicolas Mailhot <nicolas.mailhot> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | dominick.grift, dwalsh, lvrabec, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:1129ddc291fe7fd61c12dca6390bdc923637121bfdaa937fd6bc574a8bff602d | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-01-02 21:34:56 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 1045699 *** |
Description of problem: SELinux is preventing /usr/sbin/postdrop from using the 'execstack' accesses on a process. ***** Plugin catchall (100. confidence) suggests ************************** If vous pensez que postdrop devrait être autorisé à accéder execstack sur les processus étiquetés postfix_postdrop_t par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep postdrop /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:postfix_postdrop_t:s0 Target Context system_u:system_r:postfix_postdrop_t:s0 Target Objects [ process ] Source postdrop Source Path /usr/sbin/postdrop Port <Unknown> Host (removed) Source RPM Packages postfix-2.10.2-2.fc21.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-10.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.13.0-0.rc5.git0.1.fc21.x86_64 #1 SMP Mon Dec 23 14:23:13 UTC 2013 x86_64 x86_64 Alert Count 2 First Seen 2013-12-30 11:50:36 CET Last Seen 2013-12-30 11:50:37 CET Local ID 422c44e1-325e-4601-a628-626e08b6f76f Raw Audit Messages type=AVC msg=audit(1388400637.168:56): avc: denied { execstack } for pid=1022 comm="postdrop" scontext=system_u:system_r:postfix_postdrop_t:s0 tcontext=system_u:system_r:postfix_postdrop_t:s0 tclass=process type=AVC msg=audit(1388400637.168:56): avc: denied { execmem } for pid=1022 comm="postdrop" scontext=system_u:system_r:postfix_postdrop_t:s0 tcontext=system_u:system_r:postfix_postdrop_t:s0 tclass=process type=SYSCALL msg=audit(1388400637.168:56): arch=x86_64 syscall=mprotect success=yes exit=0 a0=7fff3f248000 a1=1000 a2=1000007 a3=0 items=0 ppid=1020 pid=1022 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=90 sgid=90 fsgid=90 ses=4294967295 tty=(none) comm=postdrop exe=/usr/sbin/postdrop subj=system_u:system_r:postfix_postdrop_t:s0 key=(null) Hash: postdrop,postfix_postdrop_t,postfix_postdrop_t,process,execstack Additional info: reporter: libreport-2.1.10 hashmarkername: setroubleshoot kernel: 3.13.0-0.rc5.git0.1.fc21.x86_64 type: libreport