Bug 1162305
Summary: | mailx fails when used with mail server other than Sendmail Inc sendmail or postfix | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Gordon Messmer <gordon.messmer> | |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> | |
Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> | |
Severity: | unspecified | Docs Contact: | ||
Priority: | low | |||
Version: | 7.0 | CC: | gordon.messmer, lvrabec, mgrepl, mmalik, plautrba, pvrabec | |
Target Milestone: | rc | |||
Target Release: | --- | |||
Hardware: | All | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | selinux-policy-3.13.1-81.el7 | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1166664 1210298 1323224 (view as bug list) | Environment: | ||
Last Closed: | 2016-11-04 02:17:50 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1166664, 1210298 |
Description
Gordon Messmer
2014-11-10 19:40:55 UTC
Could you attach raw AVC messages? Thank you. I can, but they're not meaningful. They document the problem with only one non-Sendmail Inc. sendmail binary, and in only one configuration. Adding these will not remedy the problem completely. type=USER_AVC msg=audit(1450678921.538:9380): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=2) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' type=AVC msg=audit(1450678921.613:9383): avc: denied { read } for pid=8480 comm="submit" name="enablefiltering" dev="dm-1" ino=133928 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:courier_etc_t:s0 tclass=file type=AVC msg=audit(1450678921.613:9383): avc: denied { open } for pid=8480 comm="submit" path="/etc/courier/enablefiltering" dev="dm-1" ino=133928 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:courier_etc_t:s0 tclass=file type=AVC msg=audit(1450678921.614:9384): avc: denied { getattr } for pid=8480 comm="submit" path="/etc/courier/enablefiltering" dev="dm-1" ino=133928 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:courier_etc_t:s0 tclass=file type=AVC msg=audit(1450678921.615:9385): avc: denied { read } for pid=8480 comm="submit" name="aliases.dat" dev="dm-1" ino=131119 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:courier_etc_t:s0 tclass=file type=AVC msg=audit(1450678921.615:9385): avc: denied { open } for pid=8480 comm="submit" path="/etc/courier/aliases.dat" dev="dm-1" ino=131119 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:courier_etc_t:s0 tclass=file type=AVC msg=audit(1450678921.615:9386): avc: denied { getattr } for pid=8480 comm="submit" path="/etc/courier/aliases.dat" dev="dm-1" ino=131119 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:courier_etc_t:s0 tclass=file type=AVC msg=audit(1450678921.615:9387): avc: denied { lock } for pid=8480 comm="submit" path="/etc/courier/aliases.dat" dev="dm-1" ino=131119 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:courier_etc_t:s0 tclass=file type=AVC msg=audit(1450678921.615:9388): avc: denied { read } for pid=8480 comm="submit" name="locals" dev="dm-1" ino=143725 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:courier_etc_t:s0 tclass=lnk_file You are right, it makes sense. We have more troubles around labeling mailx. I'm going to test it. Thank you for reporting bug. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2283.html |