Bug 1584312 - SELinux dac_override breaks exim hourly queue run
Summary: SELinux dac_override breaks exim hourly queue run
Keywords:
Status: CLOSED DUPLICATE of bug 1574303
Alias: None
Product: Fedora
Classification: Fedora
Component: exim
Version: 28
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: David Woodhouse
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-05-30 17:07 UTC by Joe Orton
Modified: 2018-05-31 16:13 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-05-31 16:13:08 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Joe Orton 2018-05-30 17:07:48 UTC
Description of problem:
The hourly queue run no longer happens in Fedora 28, and there is audit log spam which I assume is related.

Version-Release number of selected component (if applicable):
exim-4.91-1.fc28.x86_64
selinux-policy-3.14.1-29.fc28.noarch

How reproducible:
always

Steps to Reproduce:
1. send mail offline
2. go online
3. expect mail to be delivered

Actual results:
no queue run, much audit spam

Expected results:
much mail sent, no audit spam

Additional info:
ausearch -ts today spams hourly:

time->Wed May 30 09:13:04 2018
type=AVC msg=audit(1527667984.934:320): avc:  denied  { dac_override } for  pid=8485 comm="exim" capability=1  scontext=system_u:system_r:exim_t:s0 tcontext=system_u:system_r:exim_t:s0 tclass=capability permissive=0
----
time->Wed May 30 10:13:04 2018
type=AVC msg=audit(1527671584.933:372): avc:  denied  { dac_override } for  pid=10926 comm="exim" capability=1  scontext=system_u:system_r:exim_t:s0 tcontext=system_u:system_r:exim_t:s0 tclass=capability permissive=0

...

Comment 1 Jaroslav Škarvada 2018-05-31 07:46:55 UTC
I guess it's dupe of bug 1574303, please try with selinux-policy-3.14.1-30.fc28.

Comment 2 Joe Orton 2018-05-31 16:13:08 UTC
Thanks, yes, it works with the updated selinux-policy.

*** This bug has been marked as a duplicate of bug 1574303 ***


Note You need to log in before you can comment on or make changes to this bug.