Bug 1474218
| Summary: | SELinux is preventing (tmpwatch) from execute_no_trans access on the file /usr/sbin/tmpwatch. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Dick Marinus <dick> |
| Component: | amavisd-new | Assignee: | Juan Orti Alcaine <jorti> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 26 | CC: | jorti, perl-devel, steve, vanmeeuwen+fedora |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | amavisd-new-2.11.0-7.fc26 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-07-31 06:24:33 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
oh I think tmpwatch is called from amavisd-new This is because of bug #1468846, basically PrivateDevices=true is unusable in F26. Please, test this update: https://bodhi.fedoraproject.org/updates/FEDORA-2017-7705a5aa55 amavisd-new-2.11.0-7.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-7705a5aa55 amavisd-new-2.11.0-7.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report. |
Raw Audit Messages type=AVC msg=audit(1500839721.237:221753): avc: denied { execute_no_trans } for pid=4712 comm="(tmpwatch)" path="/usr/sbin/tmpwatch" dev="sda3" ino=24769913 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpreaper_exec_t:s0 tclass=file permissive=0 Hash: (tmpwatch),init_t,tmpreaper_exec_t,file,execute_no_trans audit2allow output: module tmpwatch 1.0; require { type tmpreaper_exec_t; type init_t; class file execute_no_trans; } #============= init_t ============== allow init_t tmpreaper_exec_t:file execute_no_trans;