Bug 663866
| Summary: | SELinux is preventing the spamd daemon from reading users' home directories. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Paul <paulcarr> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 14 | CC: | dwalsh, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | setroubleshoot_trace_hash:a617801d47ded31578e3157077ea2d2cb92bd84cbdbb7f685401a51c18143426 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2010-12-17 07:04:22 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
The alert told you what to do. Fix Command: setsebool -P spamd_enable_home_dirs=1 |
Summary: SELinux is preventing the spamd daemon from reading users' home directories. Detailed Description: SELinux has denied the spamd daemon access to users' home directories. Someone is attempting to access your home directories via your spamd daemon. If you only setup spamd to share non-home directories, this probably signals an intrusion attempt. Allowing Access: If you want spamd to share home directories you need to turn on the spamd_enable_home_dirs boolean: "setsebool -P spamd_enable_home_dirs=1" Fix Command: setsebool -P spamd_enable_home_dirs=1 Additional Information: Source Context system_u:system_r:spamd_t:s0 Target Context unconfined_u:object_r:user_home_t:s0 Target Objects /home/qamun/.razor [ dir ] Source spamd Source Path /usr/bin/perl Port <Unknown> Host (removed) Source RPM Packages perl-5.12.2-140.fc14 Target RPM Packages Policy RPM selinux-policy-3.9.7-16.fc14 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name spamd_enable_home_dirs Host Name (removed) Platform Linux (removed) 2.6.35.6-48.fc14.i686 #1 SMP Fri Oct 22 15:34:36 UTC 2010 i686 i686 Alert Count 10 First Seen Thu 16 Dec 2010 05:18:45 PM CST Last Seen Thu 16 Dec 2010 11:13:10 PM CST Local ID 202abf22-f004-4ba1-bc84-6bb5243fa2fe Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1292562790.581:24555): avc: denied { getattr } for pid=5899 comm="spamd" path="/home/qamun/.razor" dev=dm-2 ino=18743767 scontext=system_u:system_r:spamd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir node=(removed) type=SYSCALL msg=audit(1292562790.581:24555): arch=40000003 syscall=195 success=no exit=-13 a0=92205d8 a1=82080c4 a2=51aff4 a3=8208008 items=0 ppid=28619 pid=5899 auid=0 uid=0 gid=0 euid=500 suid=0 fsuid=500 egid=500 sgid=0 fsgid=500 tty=(none) ses=162 comm="spamd" exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) Hash String generated from spamd_enable_home_dirs,spamd,spamd_t,user_home_t,dir,getattr audit2allow suggests: #============= spamd_t ============== #!!!! This avc can be allowed using the boolean 'spamd_enable_home_dirs' allow spamd_t user_home_t:dir getattr;