Bug 839428
Summary: | SELinux reporting denied pipe read/write for sendmail.postfix | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Scott Shambarger <scott-fedora> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 17 | CC: | dominick.grift, dwalsh, mgrepl |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-08-10 22:35:26 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Scott Shambarger
2012-07-12 00:33:17 UTC
Added +allow mailserver_delivery mailserver_delivery:fifo_file rw_inherited_fifo_file_ to Rawhide to allow all mail apps to use inherited fifo files. Added to F17. Tested with selinux-policy-3.10.0-140: type=AVC msg=audit(1343362745.333:30288): avc: denied { write } for pid=1841 comm="sendmail" path="pipe:[1271669]" dev="pipefs" ino=1271669 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=fifo_file ... still logged. Try the lastest build from koji http://koji.fedoraproject.org/koji/buildinfo?buildID=343797 selinux-policy-3.10.0-142.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-142.fc17 Installed and tried selinux-policy-3.10.0-142, but still getting the same denial -- audit2why -b: type=AVC msg=audit(1343412672.784:91): avc: denied { write } for pid=2031 comm="sendmail" path="pipe:[20651]" dev="pipefs" ino=20651 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=fifo_file type=AVC msg=audit(1343412672.784:91): avc: denied { read } for pid=2031 comm="sendmail" path="pipe:[20651]" dev="pipefs" ino=20651 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=fifo_file Package selinux-policy-3.10.0-142.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-142.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-11215/selinux-policy-3.10.0-142.fc17 then log in and leave karma (feedback). Ah, you are right. I found a bug. Fixed in selinux-policy-3.10.0-143 selinux-policy-3.10.0-142.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. Re-opening since -142 did not include the fix (In reply to comment #9) > Fixed in selinux-policy-3.10.0-143 Yes, but -143 seems to have a build error related to spamassassin... might want to investigate that. Fixed. Installed -143, still exactly the same errors logged (ref comment#6) Ah, I meant fixed in -144 which is now built. selinux-policy-3.10.0-145.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-145.fc17 Funny, -145 still hasn't shown up in the updates-testing cache (yum reports using mirror.web-ster.com) -- even if I nuke the cache, the package file is still dated Aug 5th... are the mirrors having problems? Package selinux-policy-3.10.0-145.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-145.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-11591/selinux-policy-3.10.0-145.fc17 then log in and leave karma (feedback). selinux-policy-3.10.0-145.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. Finally had a chance to test this, and yes, it's fixed in -145 :) |