Bug 220295 - postfix daily svc denial
Product: Fedora
Classification: Fedora
Component: postfix
i686 Linux
medium Severity low
Assigned To: Thomas Woerner
Reported: 2006-12-20 04:00 EST by Robert Hoekstra
Modified: 2007-11-30 17:11 EST (History)
Doc Type: Bug Fix
Last Closed: 2007-10-04 08:04:19 EDT
Description Robert Hoekstra 2006-12-20 04:00:32 EST
Description of problem:
On a daily basis I get an svc denial message on 'sendmail.postfix' saying it
wants to open a /var/tmp/{file}... file which is being denied.

The actual message, though, 'seems' to come through, and the /var/tmp/{file}
does not exist anymore, so I cannot verify this. The logs show that a
logwatch message is delivered, and postfix doesn't report anomalies in

=== Actual selinux report: ===
Source Context:               system_u:system_r:system_mail_t:SystemLow-SystemHigh
Target Context:               system_u:object_r:var_log_t
Target Objects:               /var/tmp/tmpgbuatMEPYLOG/tmpQyRQCZFILT [ file ]
Affected RPM Packages:        postfix-2.3.3-2 [application]
Policy RPM:                   selinux-policy-2.4.6-7.fc6
Selinux Enabled:              True
Policy Type:                  targeted
MLS Enabled:                  True
Enforcing Mode:               Enforcing
Plugin Name:                  plugins.catchall_file
Host Name:                    blackbird
Platform:                     Linux blackbird 2.6.18-1.2868.fc6 #1 SMP Fri Dec
15 17:32:54 EST 2006 i686 i686
Alert Count:                  1
Line Numbers:                 

Raw Audit Messages:           

avc: denied { read } for comm="sendmail" dev=hda4 egid=0 euid=0
exe="/usr/sbin/sendmail.postfix" exit=0 fsgid=0 fsuid=0 gid=0 items=0
name="maillog" path="/var/tmp/tmpgbuatMEPYLOG/tmpQyRQCZFILT" pid=5455
scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:system_mail_t:s0-s0:c0.c1023 suid=0 tclass=file
tcontext=system_u:object_r:var_log_t:s0 tty=(none) uid=0 


Version-Release number of selected component (if applicable):

How reproducible:
Not really known. I have an FC5->FC6 upgraded machine which is using postfix and
the root account is redirected to my user account through /etc/aliases. It
appears to occur when the machine starts up in the morning and anacron is
performing its daily tasks. It occurs daily, so if any additional debugging
needs to be done, it can be done daily. During the day I am unable to reproduce.

Steps to Reproduce:
1. install postfix -- deinstall sendmail
2. redirect root mail to regular user
3. wait for daily reports at startup.

Actual results:
svc denial message

Expected results:
no svc denial message

Additional info:
If needed, please let me know.
Comment 1 Matěj Cepl 2007-05-29 17:23:05 EDT
Isn't this DUPLICATE of bug 215722?
Comment 2 Thomas Woerner 2007-06-05 06:01:37 EDT
Why are your files in /var/tmp labeled with var_log_t? Is /var or /var/tmp a
symlink to somewhere else?

Please use restorecon or "fixfiles restore".
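
The question raised in Comment 2 (why a file under /var/tmp carries var_log_t) can be checked directly from the raw audit message. The following is an added example, not part of the original bug thread: it parses the AVC record quoted in the description and compares the target type with the type of the containing directory. The `DIR_TYPES` table and the function names are assumptions for illustration and are not read from the installed policy.

```python
import re

# Raw audit message from the description above, joined onto one line.
AVC = (
    'avc: denied { read } for comm="sendmail" dev=hda4 egid=0 euid=0 '
    'exe="/usr/sbin/sendmail.postfix" exit=0 fsgid=0 fsuid=0 gid=0 items=0 '
    'name="maillog" path="/var/tmp/tmpgbuatMEPYLOG/tmpQyRQCZFILT" pid=5455 '
    'scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 sgid=0 '
    'subj=system_u:system_r:system_mail_t:s0-s0:c0.c1023 suid=0 tclass=file '
    'tcontext=system_u:object_r:var_log_t:s0 tty=(none) uid=0'
)

# Assumption: type of each directory, which new files inherit unless a type
# transition applies. Confirm on the host with `ls -dZ <dir>`.
DIR_TYPES = {"/var/log": "var_log_t", "/var/tmp": "tmp_t", "/tmp": "tmp_t"}

def parse_avc(line):
    """Split one AVC denial into its permission list and key=value fields."""
    m = re.search(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)', line)
    if not m:
        raise ValueError("not an AVC denial")
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2))
    fields = {key: value.strip('"') for key, value in pairs}
    fields["perms"] = m.group(1).split()
    return fields

def context_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def expected_type(path):
    """Longest-prefix match of path against DIR_TYPES, or None if unknown."""
    hits = [p for p in DIR_TYPES if path == p or path.startswith(p + "/")]
    return DIR_TYPES[max(hits, key=len)] if hits else None

def triage(line):
    """Summarise the denial and flag a label that does not fit its directory."""
    f = parse_avc(line)
    actual, wanted = context_type(f["tcontext"]), expected_type(f["path"])
    return {
        "source_type": context_type(f["scontext"]),
        "perms": f["perms"],
        "path": f["path"],
        "actual_type": actual,
        "expected_type": wanted,
        "mislabeled": wanted is not None and actual != wanted,
    }

if __name__ == "__main__":
    print(triage(AVC))
```

For the record in this report the result has `mislabeled` set to true: the file sits under /var/tmp but is labeled var_log_t, which is the mismatch Comment 2 asks about.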
Comment 3 Thomas Woerner 2007-10-04 08:04:19 EDT
This bug entry was in needinfo for some time. Closing due to user inactivity as
