Bug 249207
| Summary: | SELinux is preventing /usr/libexec/postfix/local (postfix_local_t) "read write" to (null) (unlabeled_t). | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Ashish Shukla <wahjava> |
| Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED DUPLICATE | QA Contact: | Ben Levenson <benl> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 7 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-07-23 14:06:36 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Description of problem: When sending mail using "mail" got this SELinux AVC denial. Version-Release number of selected component (if applicable): mailx-8.1.1-46.fc7 postfix-2.4.3-2.fc7 selinux-policy-targeted-2.6.4-26.fc7 selinux-policy-2.6.4-26.fc7 How reproducible: Reproducible everytime. Steps to Reproduce: 1. Execute following command on shell: echo hi |mail -s hi root Actual results: Got SELinux AVC denial Expected results: Should get no SELinux AVC denial. Additional info: Summary SELinux is preventing /usr/libexec/postfix/local (postfix_local_t) "read write" to (null) (unlabeled_t). Detailed Description SELinux denied access requested by /usr/libexec/postfix/local. It is not expected that this access is required by /usr/libexec/postfix/local and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for (null), restorecon -v (null) If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context system_u:system_r:postfix_local_t Target Context system_u:object_r:unlabeled_t Target Objects (null) [ file ] Affected RPM Packages postfix-2.4.3-2.fc7 [application] Policy RPM selinux-policy-2.6.4-26.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name plugins.catchall_file Host Name chatteau.d.lf Platform Linux chatteau.d.lf 2.6.22.1-27.fc7 #1 SMP Tue Jul 17 17:19:58 EDT 2007 x86_64 x86_64 Alert Count 11 First Seen Sat 21 Jul 2007 07:12:19 PM IST Last Seen Sun 22 Jul 2007 10:07:05 PM IST Local ID b369abcd-ae5d-4a16-a19c-60368c8cb5ff Line Numbers Raw Audit Messages avc: denied { read, write } for comm="local" cwd="/var/spool/postfix" dev=08:15 egid=0 euid=0 exe="/usr/libexec/postfix/local" exit=0 fsgid=0 fsuid=0 gid=0 inode=10849240 item=1 items=2 mode=0100755 name="[eventpoll]" obj=system_u:object_r:ld_so_t:s0 ogid=0 ouid=0 path=(null) pid=7807 rdev=00:00 scontext=system_u:system_r:postfix_local_t:s0 sgid=0 subj=system_u:system_r:postfix_local_t:s0 suid=0 tclass=file tcontext=system_u:object_r:unlabeled_t:s0 tty=(none) uid=0