Description of problem: Using exim with a mysql backend creates AVCs like this (which seem non fatal): type=AVC msg=audit(1569840075.337:364580): avc: denied { getattr } for pid=1056 comm="exim" path="/etc/my.cnf" dev="vda5" ino=17362796 scontext=system_u:system_r:exim_t:s0 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file permissive=0 The mysql client libraries want to read the mysql config files in /etc. This should probably be allowed, as there might be client specific configuration there. Version-Release number of selected component (if applicable): selinux-policy-targeted-3.14.3-46.fc30.noarch How reproducible: Always This also applies to RHEL7 if exim is installed from EPEL. I suspect EPEL8 to have the same issue once exim shows up there.
commit e498b210872f0667febfa8f52f007ee6ff256d20 (HEAD -> rawhide) Author: Lukas Vrabec <lvrabec> Date: Wed Oct 2 12:41:00 2019 +0200 Allow exim_t to read mysqld conf files if exim_can_connect_db is enabled. BZ(1756973)
FEDORA-2019-6bbf3d600d has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-6bbf3d600d
selinux-policy-3.14.3-48.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6bbf3d600d
selinux-policy-3.14.3-49.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6bbf3d600d
FEDORA-2019-d68c9e27f8 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-d68c9e27f8
selinux-policy-3.14.3-50.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-d68c9e27f8
FEDORA-2019-f83217e2bf has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-f83217e2bf
selinux-policy-3.14.3-51.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-f83217e2bf
FEDORA-2019-70d80ad4bc has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-70d80ad4bc
selinux-policy-3.14.3-52.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-70d80ad4bc
selinux-policy-3.14.3-52.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.