Bug 181283 - avc denied messages while sendmail upgrade
avc denied messages while sendmail upgrade
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: sendmail (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Woerner
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-02-12 13:51 EST by Robert Scheck
Modified: 2008-08-02 19:40 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-01-27 16:02:37 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Robert Scheck 2006-02-12 13:51:32 EST
Description of problem:
I got the following avc denied messages during the last sendmail upgrade - but 
I've got also MIMEDefang running, maybe one or another message is caused by
this combination?!

type=AVC msg=audit(1139661606.854:756741): avc:  denied  { dac_override } for  
pid=23207 comm="newaliases" capability=1 scontext=user_u:system_r:system_mail_t:
s0-s0:c0.c255 tcontext=user_u:system_r:system_mail_t:s0-s0:c0.c255 
tclass=capability
type=AVC msg=audit(1139661606.854:756741): avc:  denied  { getattr } for  
pid=23207 comm="newaliases" name="mimedefang.sock" dev=cciss/c0d0p2 ino=2801677 
scontext=user_u:system_r:system_mail_t:s0-s0:c0.c255 tcontext=user_u:object_r:
var_spool_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1139661606.854:756741): arch=40000003 syscall=196 
success=yes exit=0 a0=bf8e0728 a1=bf8e05c0 a2=f67ff4 a3=3 items=1 pid=23207 
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 
comm="newaliases" exe="/usr/sbin/sendmail.sendmail"
type=AVC_PATH msg=audit(1139661606.854:756741):  path="/var/spool/MIMEDefang/
mimedefang.sock"
type=CWD msg=audit(1139661606.854:756741):  cwd="/"
type=PATH msg=audit(1139661606.854:756741): item=0 name="/var/spool/MIMEDefang/
mimedefang.sock" flags=0  inode=2801677 dev=68:02 mode=0140750 ouid=103 ogid=103 
rdev=00:00
type=AVC msg=audit(1139661609.634:756742): avc:  denied  { read } for  pid=23239 
comm="hostname" name="submit.mc" dev=cciss/c0d0p2 ino=721256 scontext=user_u:
system_r:hostname_t:s0-s0:c0.c255 tcontext=system_u:object_r:etc_mail_t:s0 
tclass=file
type=AVC msg=audit(1139661609.634:756742): avc:  denied  { read } for  pid=23239 
comm="hostname" name="cf.m4" dev=cciss/c0d0p2 ino=2736232 scontext=user_u:
system_r:hostname_t:s0-s0:c0.c255 tcontext=system_u:object_r:usr_t:s0 
tclass=file
type=SYSCALL msg=audit(1139661609.634:756742): arch=40000003 syscall=11 
success=yes exit=0 a0=9128d38 a1=9127f88 a2=9128b40 a3=9128208 items=2pid=23239 
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="hostname" 
exe="/bin/hostname"
type=AVC_PATH msg=audit(1139661609.634:756742):  path="/usr/share/sendmail-cf/
m4/cf.m4"
type=AVC_PATH msg=audit(1139661609.634:756742):  path="/etc/mail/submit.mc"
type=CWD msg=audit(1139661609.634:756742):  cwd="/etc/mail"
type=PATH msg=audit(1139661609.634:756742): item=0 name="/bin/hostname" 
flags=101  inode=1261747 dev=68:02 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1139661609.634:756742): item=1 flags=101  inode=2965544 
dev=68:02 mode=0100755 ouid=0 ogid=0 rdev=00:00

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.2.11-1

Expected results:
No avc messages ;-)
Comment 1 Daniel Walsh 2006-02-13 10:14:21 EST
Sendmail is leaking file descriptors to /etc/mail/submit.mc and mimedefang.sock

You need to make sure file descriptors are closed on exec.
Comment 2 Daniel Walsh 2006-02-13 10:18:15 EST
Should /var/spool/MIMEDefang/ be labeled mail_spool_t?
Comment 3 Thomas Woerner 2006-02-17 11:37:45 EST
MIMEDefang is not part of sendmail. Are sou sure, that this is a problem of
sendmail and not mimedefang?
Comment 4 Robert Scheck 2006-02-17 11:42:45 EST
I'm not sure, as I already wrote.

But audit 1139661609.634 looks to be sendmail related, because nothing in my /
etc/mail/submit.mc is directly pointing to MIMEDefang. Or am I wrong?

Nevertheless, maybe there should be a upstream selinux-policy for MIMEDefang? ;)
Comment 5 Florian La Roche 2007-01-23 04:45:00 EST
Is this fixed with the current devel tree?

Thanks,

Florian La Roche

Note You need to log in before you can comment on or make changes to this bug.