| Summary: | SELinux is preventing mktemp from 'write' accesses on the directory /.esmtp_queue. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Olli Rantinoja <ollran> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 24 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl, plautrba |
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:300727cdb807ed3f04a9cf85394cf1db50c85416d8e9d52f287d24803feb82c4;VARIANT_ID=workstation; | ||
| Last Closed: | 2016-09-19 08:35:36 UTC | Type: | --- |
Could you please run the following command to fix your issue:

# restorecon -Rv /
Description of problem:
SELinux is preventing mktemp from 'write' accesses on the directory /.esmtp_queue.

***** Plugin catchall_labels (83.8 confidence) suggests *******************

If you want to allow mktemp to have write access on the .esmtp_queue directory
Then you need to change the label on /.esmtp_queue
Do
# semanage fcontext -a -t FILE_TYPE '/.esmtp_queue'
where FILE_TYPE is one of the following: device_t, fsdaemon_tmp_t, fsdaemon_var_lib_t, fsdaemon_var_run_t, tmp_t, var_run_t.
Then execute:
restorecon -v '/.esmtp_queue'

***** Plugin catchall (17.1 confidence) suggests **************************

If you believe that mktemp should be allowed write access on the .esmtp_queue directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'mktemp' --raw | audit2allow -M my-mktemp
# semodule -X 300 -i my-mktemp.pp

Additional Information:
Source Context                system_u:system_r:fsdaemon_t:s0
Target Context                unconfined_u:object_r:default_t:s0
Target Objects                /.esmtp_queue [ dir ]
Source                        mktemp
Source Path                   mktemp
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.13.1-191.14.fc24.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.7.2-201.fc24.x86_64+debug #1 SMP Fri Aug 26 15:37:14 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-09-16 02:32:54 EEST
Last Seen                     2016-09-16 02:32:54 EEST
Local ID                      45f4a572-4e8c-46c6-a49c-878d37200971

Raw Audit Messages
type=AVC msg=audit(1473982374.911:653): avc: denied { write } for pid=8317 comm="mktemp" name=".esmtp_queue" dev="dm-1" ino=4587521 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir permissive=0

Hash: mktemp,fsdaemon_t,default_t,dir,write

Version-Release number of selected component:
selinux-policy-3.13.1-191.14.fc24.noarch

Additional info:
reporter:       libreport-2.7.2
hashmarkername: setroubleshoot
kernel:         4.7.2-201.fc24.x86_64+debug
type:           libreport