Description of problem: On a daily basis I get an svc denial message on 'sendmail.postfix' saying it wants to open a /var/tmp/{file}... file which is being denied. The actual message, though, 'seems' to come through, and the /var/tmp/{file} does not exist anymore, so I cannot verify on this. the logs show that a logwatch message is delivered, and postfix doesn't report anomalies in /var/log/maillog. === Actual selinux report: === Source Context: system_u:system_r:system_mail_t:SystemLow-SystemHigh Target Context: system_u:object_r:var_log_t Target Objects: /var/tmp/tmpgbuatMEPYLOG/tmpQyRQCZFILT [ file ] Affected RPM Packages: postfix-2.3.3-2 [application] Policy RPM: selinux-policy-2.4.6-7.fc6 Selinux Enabled: True Policy Type: targeted MLS Enabled: True Enforcing Mode: Enforcing Plugin Name: plugins.catchall_file Host Name: blackbird Platform: Linux blackbird 2.6.18-1.2868.fc6 #1 SMP Fri Dec 15 17:32:54 EST 2006 i686 i686 Alert Count: 1 Line Numbers: Raw Audit Messages: avc: denied { read } for comm="sendmail" dev=hda4 egid=0 euid=0 exe="/usr/sbin/sendmail.postfix" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="maillog" path="/var/tmp/tmpgbuatMEPYLOG/tmpQyRQCZFILT" pid=5455 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:system_mail_t:s0-s0:c0.c1023 suid=0 tclass=file tcontext=system_u:object_r:var_log_t:s0 tty=(none) uid=0 ============================== Version-Release number of selected component (if applicable): postfix-2.3.3-2 How reproducible: Not really known. I have an FC5->FC6 upgraded machine which is using postfix and the root account is redirected to my user account through /etc/aliases. It appears to occur when the machine starts up in the morning and anacron is performing its daily tasks. It occurs daily, so if any additional debugging needs to be done, it can be done daily.. during the day I am unable to reproduce. Steps to Reproduce: 1. install postfix -- deinstall sendmail 2. redirect root mail to regular user 3. wait for daily reports at startup. Actual results: svc denial message Expected results: no svc denial message Additional info: If needed, please let me know.
Isn't this DUPLICATE of bug 215722?
Why are your files is /var/tmp labeled with var_log_t? is /var or /var/tmp a symlink to somewhere else? Please use restorecon or "fixfiles restore".
This bug entry was in needinfo for some time. Closing due to user inactivity as "NOT A BUG".