Bug 249205
| Summary: | SELinux is preventing /usr/libexec/postfix/smtpd (postfix_smtpd_t) "read write" to (null) (unlabeled_t) | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Ashish Shukla <wahjava> |
| Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED DUPLICATE | QA Contact: | Ben Levenson <benl> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 7 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-07-23 14:03:33 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Description of problem: Whenever I execute fetchmail to fetch mail from my remote mail server, into my local mail server, I get this SELinux denial. I've even tried relabeling my filesystem, but no change. Version-Release number of selected component (if applicable): selinux-policy-2.6.4-26.fc7 selinux-policy-targeted-2.6.4-26.fc7 postfix-2.4.3-2.fc7 fetchmail-6.3.7-1.fc7 How reproducible: Reproducible everytime. Steps to Reproduce: 1. Start fetchmail. 2. 3. Actual results: Got SELinux AVC denial. Expected results: No AVC denial should be there. Additional info: Summary SELinux is preventing /usr/libexec/postfix/smtpd (postfix_smtpd_t) "read write" to (null) (unlabeled_t). Detailed Description SELinux denied access requested by /usr/libexec/postfix/smtpd. It is not expected that this access is required by /usr/libexec/postfix/smtpd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for (null), restorecon -v (null) If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context system_u:system_r:postfix_smtpd_t Target Context system_u:object_r:unlabeled_t Target Objects (null) [ file ] Affected RPM Packages postfix-2.4.3-2.fc7 [application] Policy RPM selinux-policy-2.6.4-26.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name plugins.catchall_file Host Name chatteau.d.lf Platform Linux chatteau.d.lf 2.6.22.1-27.fc7 #1 SMP Tue Jul 17 17:19:58 EDT 2007 x86_64 x86_64 Alert Count 4 First Seen Sat 21 Jul 2007 07:16:32 PM IST Last Seen Sun 22 Jul 2007 09:54:23 PM IST Local ID 84ceaee6-fc20-4475-b0ae-46ad1d2f4fa5 Line Numbers Raw Audit Messages avc: denied { read, write } for comm="smtpd" cwd="/var/spool/postfix" dev=08:15 egid=0 euid=0 exe="/usr/libexec/postfix/smtpd" exit=0 fsgid=0 fsuid=0 gid=0 inode=10849240 item=1 items=2 mode=0100755 name="[eventpoll]" obj=system_u:object_r:ld_so_t:s0 ogid=0 ouid=0 path=(null) pid=4592 rdev=00:00 scontext=system_u:system_r:postfix_smtpd_t:s0 sgid=0 subj=system_u:system_r:postfix_smtpd_t:s0 suid=0 tclass=file tcontext=system_u:object_r:unlabeled_t:s0 tty=(none) uid=0