Description of problem:
While running 'fetchmail -a' in enforcing mode I get this audit message:

audit(1084375398.024:0): avc: denied { setrlimit } for pid=5465 exe=/usr/bin/fetchmail scontext=user_u:user_r:user_t tcontext=user_u:user_r:user_t tclass=process

It comes from this code in fetchmail.c:

    #ifdef HAVE_SETRLIMIT
        /*
         * Before getting passwords, disable core dumps unless -v -d0 mode is on.
         * Core dumps could otherwise contain passwords to be scavenged by a
         * cracker.
         */
        if (outlevel < O_VERBOSE || run.poll_interval > 0)
        {
            struct rlimit corelimit;
            corelimit.rlim_cur = 0;
            corelimit.rlim_max = 0;
            setrlimit(RLIMIT_CORE, &corelimit);
        }
    #endif /* HAVE_SETRLIMIT */

Version-Release number of selected component (if applicable):
fetchmail-6.2.5-2
policy-1.11.3-5

How reproducible:
100%

Steps to Reproduce:
1. Run 'fetchmail -a' with a valid config.

Fetchmail runs under its own context now, so this is fixed.
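
The quoted fetchmail.c excerpt calls setrlimit() without checking its return value, so a denial like the one in the audit message leaves the core limit unchanged without any notice. The following is an added example, not code from fetchmail or from this report: a hypothetical helper, disable_core_dumps(), that checks the result, verifies it with getrlimit(), and on Linux falls back to clearing the process's dumpable flag with prctl().

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/resource.h>

/* Which protection against password-bearing core files is in effect. */
enum core_guard { CORE_RLIMIT_ZERO, CORE_NOT_DUMPABLE, CORE_UNPROTECTED };

/* Hypothetical helper (name and return type are assumptions of this example). */
enum core_guard disable_core_dumps(void)
{
    struct rlimit want = { .rlim_cur = 0, .rlim_max = 0 };
    struct rlimit now;

    if (setrlimit(RLIMIT_CORE, &want) == 0) {
        /* Read the limit back instead of trusting the call blindly. */
        if (getrlimit(RLIMIT_CORE, &now) == 0 &&
            now.rlim_cur == 0 && now.rlim_max == 0)
            return CORE_RLIMIT_ZERO;
    } else {
        /* Reached when the call is refused, e.g. by a policy denial. */
        fprintf(stderr, "setrlimit(RLIMIT_CORE) failed: %s\n", strerror(errno));
    }

    /* Linux fallback: a process that is not dumpable produces no core file. */
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) == 0 &&
        prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0)
        return CORE_NOT_DUMPABLE;

    return CORE_UNPROTECTED;
}

int main(void)
{
    enum core_guard g = disable_core_dumps();

    if (g == CORE_UNPROTECTED) {
        /* Refuse to read secrets if neither protection could be applied. */
        fprintf(stderr, "core dumps still possible; not reading passwords\n");
        return 1;
    }
    printf("core dumps disabled via %s\n",
           g == CORE_RLIMIT_ZERO ? "RLIMIT_CORE" : "PR_SET_DUMPABLE");
    return 0;
}
```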