Bug 283481
Summary: | SElinux prevents smartd from sending warning mails | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Felix Schwarz <felix.schwarz> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | 7 | CC: | jon.fairbairn |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Current | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-01-30 19:06:49 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Attachments: |
Description
Felix Schwarz
2007-09-08 12:02:43 UTC
Created attachment 190701 [details]
first selinux denial (complete output of sealert)
Created attachment 190711 [details]
extracted selinux denials
Created attachment 190721 [details]
generated policy addition with audit2allow
Added rudimentary exim policy selinux-policy-2.6.4-43.fc7.src.rpm A recent upgrade to selinux-policy-2.6.4-43.fc7 (or possibly -targeted-) seems to cause exim to be denied for many cases. eg type=AVC msg=audit(1191268740.384:7357): avc: denied { entrypoint } for pid=9568 comm="crond" name="exim" dev=md2 ino=259656 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:exim_exec_t:s0 tclass=file I'm a complete novice with SELinux, but I'll attach the .te file I knocked together to circumvent this. Created attachment 213581 [details]
Bodged extra allowals for exim over selinux-policy-2.6.4-43.fc7
I suspect the beginning of this .te file is bogus; I freely admit that I didn't
know what I was doing. I did seem to need all the allows though.
[before I updated to 2.6.4-43 I had no problems running exim]
Could you attach the audit.log used to generate these rules. Thanks. Created attachment 222791 [details]
result of grepping for exim through an audit log
I think this attachment covers them. I've been away and logrotate has run...
Bulk closing a old selinux policy bugs that were in the modified state. If the bug is still not fixed. Please reopen. |