Bug 1756973

Summary: Allow read access from exim to mysql config files
Product: [Fedora] Fedora Reporter: Ralf Ertzinger <redhat-bugzilla>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 30CC: dwalsh, lvrabec, mgrepl, plautrba, zpytela
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: selinux-policy-3.14.3-52.fc30 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-11-17 01:13:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ralf Ertzinger 2019-09-30 10:58:06 UTC 
Description of problem:

Using exim with a mysql backend creates AVCs like this (which seem non fatal):

type=AVC msg=audit(1569840075.337:364580): avc:  denied  { getattr } for  pid=1056 comm="exim" path="/etc/my.cnf" dev="vda5" ino=17362796 scontext=system_u:system_r:exim_t:s0 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file permissive=0

The mysql client libraries want to read the mysql config files in /etc. This should probably be allowed, as there might be client specific configuration there.


Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.14.3-46.fc30.noarch

How reproducible:
Always

This also applies to RHEL7 if exim is installed from EPEL. I suspect EPEL8 to have the same issue once exim shows up there.
Comment 1 Lukas Vrabec 2019-10-02 10:41:26 UTC 
commit e498b210872f0667febfa8f52f007ee6ff256d20 (HEAD -> rawhide)
Author: Lukas Vrabec <lvrabec>
Date:   Wed Oct 2 12:41:00 2019 +0200

    Allow exim_t to read mysqld conf files if exim_can_connect_db is enabled. BZ(1756973)
Comment 2 Fedora Update System 2019-10-04 13:36:27 UTC 
FEDORA-2019-6bbf3d600d has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-6bbf3d600d
Comment 3 Fedora Update System 2019-10-04 22:15:00 UTC 
selinux-policy-3.14.3-48.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6bbf3d600d
Comment 4 Fedora Update System 2019-10-10 07:49:12 UTC 
FEDORA-2019-6bbf3d600d has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-6bbf3d600d
Comment 5 Fedora Update System 2019-10-10 17:29:16 UTC 
selinux-policy-3.14.3-49.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6bbf3d600d
Comment 6 Fedora Update System 2019-10-23 07:00:36 UTC 
FEDORA-2019-d68c9e27f8 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-d68c9e27f8
Comment 7 Fedora Update System 2019-10-25 19:34:09 UTC 
selinux-policy-3.14.3-50.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-d68c9e27f8
Comment 8 Fedora Update System 2019-10-26 17:02:59 UTC 
FEDORA-2019-f83217e2bf has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-f83217e2bf
Comment 9 Fedora Update System 2019-10-27 03:54:57 UTC 
selinux-policy-3.14.3-51.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-f83217e2bf
Comment 10 Fedora Update System 2019-11-03 14:11:00 UTC 
FEDORA-2019-70d80ad4bc has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-70d80ad4bc
Comment 11 Fedora Update System 2019-11-04 02:10:23 UTC 
selinux-policy-3.14.3-52.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-70d80ad4bc
Comment 12 Fedora Update System 2019-11-17 01:13:22 UTC 
selinux-policy-3.14.3-52.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.