Bug 489747
Summary: | root email not getting forwarded | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Mace Moneta <moneta.mace> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED RAWHIDE | QA Contact: | Ben Levenson <benl> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | rawhide | CC: | grdetil |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-03-27 18:57:36 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Mace Moneta
2009-03-11 16:58:22 UTC
I've had the same problem on my rawhide system since December 8, 2008, just a few hours after this update: Dec 08 13:05:49 Updated: sendmail-8.14.3-2.fc11.i386 Dec 08 13:08:25 Updated: selinux-policy-targeted-3.6.1-6.fc11.noarch I tried loading the local policy shown above, and it didn't make a difference. Using the sealert -b browser, there seems to have been only 5 AVC denied messages related to sendmail attempting to access /root/.forward, and the most recent of them was December 10. I tried changing the mode on /root to readable and searchable by all (755) and that didn't help. What did help was "setenforce 0", so clearly it is an SELinux problem, but why are we getting SELinux denials with nothing being logged in /var/log/audit/audit.log? Yeah, I confirmed the local policy change no longer works with the current policy, and there's no audit but setenforce 0 does work. I changed the sendmail aliases as a workaround, but that's not as dynamic. A permission denied without an audit is troubling. Fixed in selinux-policy-3.6.10-4.fc11.noarch Thanks, Daniel. Does the new policy fix the problem with access to /root/.forward, the problem with denials not getting logged, or both? Should I open a new bug report for the lack of audits in the log? |