Bug 960900
| Summary: | SELinux is preventing /usr/libexec/postfix/cleanup from 'lock' accesses on the file /var/spool/postfix/pid/unix.cleanup. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Nicolas Mailhot <nicolas.mailhot> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | dominick.grift, dwalsh, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:c54f621330457a2d65a2447b3e721c9f0c26f6f0a3216a0b0d2ed752fb994dd6 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-05-08 14:52:55 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 960894 *** |
Description of problem: SELinux is preventing /usr/libexec/postfix/cleanup from 'lock' accesses on the file /var/spool/postfix/pid/unix.cleanup. ***** Plugin catchall (100. confidence) suggests *************************** If vous pensez que cleanup devrait être autorisé à accéder lock sur unix.cleanup file par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep cleanup /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:postfix_cleanup_t:s0 Target Context system_u:object_r:postfix_var_run_t:s0 Target Objects /var/spool/postfix/pid/unix.cleanup [ file ] Source cleanup Source Path /usr/libexec/postfix/cleanup Port <Inconnu> Host (removed) Source RPM Packages postfix-2.10.0-1.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-41.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.10.0-0.rc0.git21.1.fc20.x86_64 #1 SMP Tue May 7 19:47:51 UTC 2013 x86_64 x86_64 Alert Count 5 First Seen 2013-05-08 11:27:36 CEST Last Seen 2013-05-08 11:32:23 CEST Local ID 6b6ad7cf-9e2a-4a4a-9498-d62c11e1d748 Raw Audit Messages type=AVC msg=audit(1368005543.11:155): avc: denied { lock } for pid=3935 comm="cleanup" path="/var/spool/postfix/pid/unix.cleanup" dev="dm-0" ino=3024616 scontext=system_u:system_r:postfix_cleanup_t:s0 tcontext=system_u:object_r:postfix_var_run_t:s0 tclass=file type=SYSCALL msg=audit(1368005543.11:155): arch=x86_64 syscall=flock success=yes exit=0 a0=8 a1=2 a2=2 a3=7fff1e7dd220 items=0 ppid=2381 pid=3935 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 ses=4294967295 tty=(none) comm=cleanup exe=/usr/libexec/postfix/cleanup subj=system_u:system_r:postfix_cleanup_t:s0 key=(null) Hash: cleanup,postfix_cleanup_t,postfix_var_run_t,file,lock audit2allow #============= postfix_cleanup_t ============== allow postfix_cleanup_t postfix_var_run_t:file lock; audit2allow -R require { type postfix_cleanup_t; type postfix_var_run_t; class file lock; } #============= postfix_cleanup_t ============== allow postfix_cleanup_t postfix_var_run_t:file lock; Additional info: hashmarkername: setroubleshoot kernel: 3.10.0-0.rc0.git21.1.fc20.x86_64 type: libreport