Bug 223265
Summary: | When upgrading to the latest tz data I get a warning in setroubleshoot
---|---
Product: | [Fedora] Fedora
Component: | selinux-policy-targeted
Version: | 6
Hardware: | All
OS: | Linux
Status: | CLOSED CURRENTRELEASE
Severity: | medium
Priority: | medium
Reporter: | Tom Diehl <me>
Assignee: | Daniel Walsh <dwalsh>
QA Contact: | Ben Levenson <benl>
Fixed In Version: | Current
Doc Type: | Bug Fix
Last Closed: | 2007-08-22 14:13:15 UTC

Description
Tom Diehl
2007-01-18 19:43:17 UTC
Created attachment 145937
Screen shot showing the errors from setroubleshoot
Since it looks like the screen shot is unreadable, here are the details in the setroubleshoot screen:

SELinux is preventing /usr/sbin/tzdata-update (tzdata_t) "search" access to postfix (postfix_spool_t).

SELinux denied access requested by /usr/sbin/tzdata-update. It is not expected that this access is required by /usr/sbin/tzdata-update and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Please file a bug report against this package.

Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for postfix, restorecon -v postfix. There is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ - or you can disable SELinux protection entirely for the application. Disabling SELinux protection is not recommended. Please file a bug report against this package.

Changing the "tzdata_disable_trans" boolean to true will disable SELinux protection this application: "setsebool -P tzdata_disable_trans=1."

The following command will allow this access:
setsebool -P tzdata_disable_trans=1

Source Context: user_u:system_r:tzdata_t
Target Context: system_u:object_r:postfix_spool_t
Target Objects: postfix [ dir ]
Affected RPM Packages: glibc-common-2.5-10.fc6 [application]
Policy RPM: selinux-policy-2.4.6-23.fc6
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: plugins.disable_trans
Platform: Linux tigger.tntechs.com 2.6.18-1.2869.fc6 #1 SMP Wed Dec 20 14:51:19 EST 2006 i686 athlon
Alert Count: 1

avc: denied { search } for comm="tzdata-update" dev=dm-5 egid=0 euid=0 exe="/usr/sbin/tzdata-update" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="postfix" pid=5073 scontext=user_u:system_r:tzdata_t:s0 sgid=0 subj=user_u:system_r:tzdata_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:postfix_spool_t:s0 tty=(none) uid=0

Fixed in selinux-policy-2.4.6-27.fc6

Fixed in current release
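
For triaging a denial like the one in this report, the following added example (not code from the report, setroubleshoot or selinux-policy) parses the AVC record and renders the type-enforcement rule that a local policy module for it would contain, so the rule can be reviewed before anything is loaded. The function names are hypothetical; the sample record is the one quoted above.

```python
import re

# Added example: function names are illustrative, not part of any SELinux tool.
# AVC record copied from the setroubleshoot output in this report.
SAMPLE_AVC = (
    'avc: denied { search } for comm="tzdata-update" dev=dm-5 egid=0 euid=0 '
    'exe="/usr/sbin/tzdata-update" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 '
    'name="postfix" pid=5073 scontext=user_u:system_r:tzdata_t:s0 sgid=0 '
    'subj=user_u:system_r:tzdata_t:s0 suid=0 tclass=dir '
    'tcontext=system_u:object_r:postfix_spool_t:s0 tty=(none) uid=0'
)

_HEAD = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)', re.S)
_FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_avc(record):
    """Split one AVC message into decision, permissions and key=value fields."""
    m = _HEAD.search(record)
    if not m:
        raise ValueError("not an AVC record")
    decision, perms, rest = m.groups()
    fields = {}
    for key, value in _FIELD.findall(rest):
        fields[key] = value[1:-1] if value.startswith('"') else value
    for key in ("scontext", "tcontext", "tclass"):
        if key not in fields:
            raise ValueError("AVC record lacks " + key)
    return {"decision": decision, "perms": perms.split(), "fields": fields}


def selinux_type(context):
    """Return the type from user:role:type[:level]; the level may contain ':'."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("malformed context: " + context)
    return parts[2]


def te_rule(avc, keyword="allow"):
    """Render the type-enforcement rule that corresponds to the denial."""
    f = avc["fields"]
    perms = avc["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "%s %s %s:%s %s;" % (keyword, selinux_type(f["scontext"]),
                                selinux_type(f["tcontext"]), f["tclass"], perm_text)
```

Calling `te_rule(parse_avc(SAMPLE_AVC))` yields the single rule for this denial; passing `"dontaudit"` as the keyword renders the rule that silences the denial without granting the access.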