Bug 310681

Summary: SELinux prevented /usr/sbin/sendmail.sendmail from using the terminal 0.
Product: [Fedora] Fedora Reporter: Rodd Clarkson <rodd>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: 8   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-09-28 13:07:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Rodd Clarkson 2007-09-28 12:18:42 UTC
Summary
    SELinux prevented /usr/sbin/sendmail.sendmail from using the terminal 0.

Detailed Description
    SELinux prevented /usr/sbin/sendmail.sendmail from using the terminal 0. In
    most cases daemons do not need to interact with the terminal, usually these
    avc messages can be ignored.  All of the confined daemons should have
    dontaudit rules around using the terminal.  Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this selinux-
    policy.  If you would like to allow all daemons to interact with the
    terminal, you can turn on the allow_daemons_use_tty boolean.

Allowing Access
    Changing the "allow_daemons_use_tty" boolean to true will allow this access:
    "setsebool -P allow_daemons_use_tty=1."

    The following command will allow this access:
    setsebool -P allow_daemons_use_tty=1

Additional Information        

Source Context                system_u:system_r:sendmail_t:s0
Target Context                system_u:object_r:unconfined_devpts_t:s0
Target Objects                None [ chr_file ]
Affected RPM Packages         sendmail-8.14.1-4.2.fc8 [application]
Policy RPM                    selinux-policy-3.0.8-2.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.allow_daemons_use_tty
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.23-0.184.rc6.git4.fc8 #1 SMP Fri Sep 14
                              17:42:59 EDT 2007 i686 i686
Alert Count                   3
First Seen                    Thu 20 Sep 2007 10:56:03 PM EST
Last Seen                     Thu 20 Sep 2007 10:56:03 PM EST
Local ID                      72a682bd-df32-438f-a6b6-9e5913fbc413
Line Numbers                  

Raw Audit Messages            

avc: denied { read write } for comm=sendmail dev=devpts egid=51 euid=0
exe=/usr/sbin/sendmail.sendmail exit=0 fsgid=51 fsuid=0 gid=0 items=0 name=0
pid=5667 scontext=system_u:system_r:sendmail_t:s0 sgid=51
subj=system_u:system_r:sendmail_t:s0 suid=0 tclass=chr_file
tcontext=system_u:object_r:unconfined_devpts_t:s0 tty=(none) uid=0

Comment 1 Daniel Walsh 2007-09-28 13:07:54 UTC
Fixed in selinux-policy-3.0.8-14.fc8