Bug 123107 - selinux audit message from fetchmail
selinux audit message from fetchmail
Product: Fedora
Classification: Fedora
Component: policy (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Russell Coker
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2004-05-12 11:41 EDT by Tim Waugh
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-05-12 13:46:40 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Tim Waugh 2004-05-12 11:41:54 EDT
Description of problem:
While running 'fetchmail -a' in enforcing mode I get this audit message:

audit(1084375398.024:0): avc:  denied  { setrlimit } for  pid=5465
exe=/usr/bin/fetchmail scontext=user_u:user_r:user_t
tcontext=user_u:user_r:user_t tclass=process

It comes from this code in fetchmail.c:

     * Before getting passwords, disable core dumps unless -v -d0 mode
is on.
     * Core dumps could otherwise contain passwords to be scavenged by a
     * cracker.
    if (outlevel < O_VERBOSE || run.poll_interval > 0)
        struct rlimit corelimit;
        corelimit.rlim_cur = 0;
        corelimit.rlim_max = 0;
        setrlimit(RLIMIT_CORE, &corelimit);
#endif /* HAVE_SETRLIMIT */

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Run 'fetchmail -a' with a valid config.
Comment 1 Daniel Walsh 2005-05-12 13:46:40 EDT
Fetchmail runs under it's own context now so this is fixed.

Note You need to log in before you can comment on or make changes to this bug.