Bug 239140

Summary: default f7t4 fresh install - avc denied for procmail
Product: [Fedora] Fedora Reporter: David Timms <dtimms>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-05-17 16:51:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description David Timms 2007-05-05 08:08:29 UTC 
Description of problem:
As a fresh install {keeping old /home folder}, setroubleshooter shows the following 

Version-Release number of selected component (if applicable):
libselinux-2.0.13-1.fc7
libselinux-python-2.0.13-1.fc7
libsepol-2.0.3-1.fc7
policycoreutils-2.0.9-7.fc7
policycoreutils-gui-2.0.9-7.fc7
procmail-3.22-19.fc7
selinux-policy-2.6.1-1.fc7
selinux-policy-targeted-2.6.1-1.fc7

How reproducible:
boot the freshly installed f7t4 machine.
 
Actual results:
Summary
    SELinux is preventing access to files with the default label, default_t.

Additional Information        

Source Context                system_u:system_r:procmail_t
Target Context                system_u:object_r:default_t
Target Objects                root [ dir ]
Affected RPM Packages         procmail-3.22-19.fc7
                              [application]filesystem-2.4.6-1.fc7 [target]
Policy RPM                    selinux-policy-2.6.1-1.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.default
Host Name                     poweredge
Platform                      Linux poweredge 2.6.21-1.3116.fc7 #1 SMP Thu Apr
                              26 10:36:44 EDT 2007 i686 i686
Alert Count                   2
First Seen                    Sat 05 May 2007 02:53:10 PM EST
Last Seen                     Sat 05 May 2007 03:20:52 PM EST
Local ID                      eb8ffc28-9833-40c6-bcad-f83f134b1fb4
Line Numbers                  

Raw Audit Messages            

avc: denied { search } for comm="procmail" dev=sda3 egid=0 euid=0
exe="/usr/bin/procmail" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="root"
pid=14201 scontext=system_u:system_r:procmail_t:s0 sgid=0
subj=system_u:system_r:procmail_t:s0 suid=0 tclass=dir
tcontext=system_u:object_r:default_t:s0 tty=(none) uid=0

Expected result:
If this is legit: no error.
else fix procmail ?
Comment 1 Daniel Walsh 2007-05-17 16:51:36 UTC 
This was caused by an anaconda bug which labeled /root incorrectly.
Fixed in Rawhide.