172724 – /usr/lib/sendmail won't, if started from xemacs

Bug 172724 - /usr/lib/sendmail won't, if started from xemacs

Summary: /usr/lib/sendmail won't, if started from xemacs

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Russell Coker
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-11-08 17:58 UTC by Alexandre Oliva
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2005-11-30 18:40:19 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Alexandre Oliva 2005-11-08 17:58:14 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8) Gecko/20051103 Fedora/1.5-0.5.0.rc1 Firefox/1.5

Description of problem:
I use Gnus for mail, within XEmacs from Fedora Extras, at least until GNU Emacs is released with a newer version of Gnus.  Starting today, I was unable to send e-mail from within XEmacs.  I tried calling sendmail-send-it from a buffer within GNU Emacs, and the same problem happened, although GNU Emacs did not give the impression it had failed, unlike XEmacs.

The problem is that sendmail is unable to read the input files that Emacsen create to feed it the message, as shown below:

type=AVC msg=audit(1131471285.479:3502): avc:  denied  { read } for  pid=4640 comm="sendmail" name="emacsy9AKlX" dev=dm-1 ino=2228449 scontext=user_u:system_r:system_mail_t:s0-s0:c0.c255 tcontext=user_u:object_r:tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1131471285.479:3502): arch=c000003e syscall=59 success=yes exit=0 a0=7fffff87aa50 a1=7fffff87aa10 a2=7fffff87bdd0 a3=7fffff87a950 items=2 pid=4640 auid=4294967295 uid=404 gid=404 euid=404 suid=404 fsuid=404 egid=51 sgid=51 fsgid=51 comm="sendmail" exe="/usr/sbin/sendmail.sendmail"
type=AVC_PATH msg=audit(1131471285.479:3502):  path="/tmp/aoliva/emacsy9AKlX"
type=CWD msg=audit(1131471285.479:3502):  cwd="/"
type=PATH msg=audit(1131471285.479:3502): item=0 name="/usr/lib/sendmail" flags=101  inode=2727504 dev=fd:01 mode=0102755 ouid=0 ogid=51 rdev=00:00
type=PATH msg=audit(1131471285.479:3502): item=1 flags=101  inode=2984250 dev=fd:01 mode=0100755 ouid=0 ogid=0 rdev=00:00

If you run sendmail from the command line, you'll also get logs about sendmail being unable to getattr or ioctl the terminal, but that appears to be harmless.  Here are the two local.te entries I've added to avoid all of these errors:

allow system_mail_t devpts_t:chr_file { getattr ioctl };
allow system_mail_t tmp_t:file read;


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.27.2-16 xemacs-21.4.17-4

How reproducible:
Always

Steps to Reproduce:
1.Try to send e-mail from within Emacs, or create a file in /tmp and feed it to /usr/lib/sendmail

Actual Results:  It fails to read the input file

Expected Results:  It worked before today's update

Additional info:

Comment 1 Alexandre Oliva 2005-11-08 18:10:03 UTC

Correction: if you start /usr/lib/sendmail from the command line, it apparently
works, after all.  You have to run it from within Emacs to get the error, it
seems.  So the recipe actually involves starting Emacs, creating a buffer with
the following contents:

From: some.address
To: you
Subject: test

test

And then type M-x load-library RET sendmail M-: (sendmail-send-it) RET

You'll see that, in GNU Emacs, you get no error whatsoever, but the message is
not accepted for delivery either.  XEmacs complains about being unable to send
the e-mail.

Comment 2 Daniel Walsh 2005-11-28 18:18:25 UTC

Fixed in selinux-policy-targeted-2.0.5-4

Comment 3 Alexandre Oliva 2005-11-30 18:40:19 UTC

Thanks, confirmed.

Note You need to log in before you can comment on or make changes to this bug.