Bug 522122
| Summary: | mls prevents exim settling logfile permissions | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Robert Story <rs> |
| Component: | selinux-policy-mls | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 11 | CC: | dwalsh |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2010-03-04 08:27:08 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Miroslav, I have these in F12. mls_file_read_all_levels(initrc_t) mls_file_write_all_levels(initrc_t) mls_process_read_up(initrc_t) mls_process_write_down(initrc_t) mls_rangetrans_source(initrc_t) mls_fd_share_all_levels(initrc_t) Are you still seeing this issue with the current F11 selinux-policy ? I am closing this bug as CURRENTRELEASE. Please reopen if the problem still persists. |
Description of problem: mls prevents exim settling logfile permissions Version-Release number of selected component (if applicable): selinux-policy-mls-3.6.12-80.fc11.noarch How reproducible: always Steps to Reproduce: 1. install exim 2. start exim 3. Actual results: avcs Expected results: no avcs Additional info: I'm not actually running a mail server, so I don't know if they affect exim functionality, but these avcs occur every time i reboot and exim is started... + type=AVC msg=audit(1252444939.825:29): avc: denied { setattr } for pid=1733 comm="chown" name="main.log" dev=dm-0 ino=48013 scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:exim_log_t:s0 tclass=file + type=AVC msg=audit(1252444939.826:30): avc: denied { setattr } for pid=1733 comm="chown" name="exim" dev=dm-0 ino=35396 scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:exim_log_t:s0 tclass=dir + type=AVC msg=audit(1252444939.835:31): avc: denied { setattr } for pid=1733 comm="chown" name="msglog" dev=dm-0 ino=35400 scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:exim_spool_t:s0 tclass=dir + type=AVC msg=audit(1252444939.837:32): avc: denied { setattr } for pid=1733 comm="chown" name="input" dev=dm-0 ino=35399 scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:exim_spool_t:s0 tclass=dir + type=AVC msg=audit(1252444939.845:33): avc: denied { setattr } for pid=1733 comm="chown" name="db" dev=dm-0 ino=35398 scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:exim_spool_t:s0 tclass=dir + type=AVC msg=audit(1252444939.846:34): avc: denied { setattr } for pid=1733 comm="chown" name="exim" dev=dm-0 ino=35397 scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:exim_spool_t:s0 tclass=dir