Description of problem: This always happens wenn fail2ban sends a mail via postfix. I don't know whether the write access is necessary (doesn't seem so, though). Probably it should be dont audit? SELinux is preventing /usr/sbin/postdrop from 'write' accesses on the file /tmp/fai2ban_t1ssIn.stderr (deleted). ***** Plugin leaks (86.2 confidence) suggests ***************************** If sie den write Zugriff von postdrop, auf fai2ban_t1ssIn.stderr (deleted) file ignorieren möchten, weil Sie glauben, dass dieser Zugriff nicht benötigt wird. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do # grep /usr/sbin/postdrop /var/log/audit/audit.log | audit2allow -D -M mypol # semodule -i mypol.pp ***** Plugin catchall (14.7 confidence) suggests ************************** If sie denken, dass es postdrop standardmässig erlaubt sein sollte, write Zugriff auf fai2ban_t1ssIn.stderr (deleted) file zu erhalten. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen: # grep postdrop /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:postfix_postdrop_t:s0 Target Context system_u:object_r:fail2ban_tmp_t:s0 Target Objects /tmp/fai2ban_t1ssIn.stderr (deleted) [ file ] Source postdrop Source Path /usr/sbin/postdrop Port <Unknown> Host (removed) Source RPM Packages postfix-2.10.2-2.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-106.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec 23 16:44:31 UTC 2013 x86_64 x86_64 Alert Count 12 First Seen 2013-12-31 12:31:14 CET Last Seen 2014-01-06 10:36:11 CET Local ID fd928c62-5463-4906-821f-6484c4150da9 Raw Audit Messages type=AVC msg=audit(1389000971.624:2306): avc: denied { write } for pid=2845 comm="postdrop" path=2F746D702F6661693262616E5F74317373496E2E737464657272202864656C6574656429 dev="tmpfs" ino=337261 scontext=system_u:system_r:postfix_postdrop_t:s0 tcontext=system_u:object_r:fail2ban_tmp_t:s0 tclass=file type=SYSCALL msg=audit(1389000971.624:2306): arch=x86_64 syscall=execve success=yes exit=0 a0=7ff05e1b9cf0 a1=7ff05e1ba7b0 a2=7ff05e1ba120 a3=0 items=0 ppid=2842 pid=2845 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=90 sgid=90 fsgid=90 ses=4294967295 tty=(none) comm=postdrop exe=/usr/sbin/postdrop subj=system_u:system_r:postfix_postdrop_t:s0 key=(null) Hash: postdrop,postfix_postdrop_t,fail2ban_tmp_t,file,write Additional info: reporter: libreport-2.1.10 hashmarkername: setroubleshoot kernel: 3.12.6-300.fc20.x86_64 type: libreport
d289bfc9094b3f1920f2d1f0e8cd188ab944ac99 allows this in git.
selinux-policy-3.12.1-116.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-116.fc20
Package selinux-policy-3.12.1-116.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-116.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-0806/selinux-policy-3.12.1-116.fc20 then log in and leave karma (feedback).
selinux-policy-3.12.1-116.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.