220295 – postfix daily svc denial

Bug 220295 - postfix daily svc denial

Summary: postfix daily svc denial

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	postfix
Sub Component:
Version:	6
Hardware:	i686
OS:	Linux
Priority:	medium
Severity:	low
Target Milestone:	---
Assignee:	Thomas Woerner
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-12-20 09:00 UTC by Robert Hoekstra
Modified:	2018-04-11 09:58 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-10-04 12:04:19 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Robert Hoekstra 2006-12-20 09:00:32 UTC

Description of problem:
On a daily basis I get an svc denial message on 'sendmail.postfix' saying it
wants to open a /var/tmp/{file}... file which is being denied.

The actual message, though, 'seems' to come through, and the /var/tmp/{file}
does not exist anymore, so I cannot verify on this. the logs show that a
logwatch message is delivered, and postfix doesn't report anomalies in
/var/log/maillog.

=== Actual selinux report: ===
Source Context:               system_u:system_r:system_mail_t:SystemLow-SystemHigh
Target Context:               system_u:object_r:var_log_t
Target Objects:               /var/tmp/tmpgbuatMEPYLOG/tmpQyRQCZFILT [ file ]
Affected RPM Packages:        postfix-2.3.3-2 [application]
Policy RPM:                   selinux-policy-2.4.6-7.fc6
Selinux Enabled:              True
Policy Type:                  targeted
MLS Enabled:                  True
Enforcing Mode:               Enforcing
Plugin Name:                  plugins.catchall_file
Host Name:                    blackbird
Platform:                     Linux blackbird 2.6.18-1.2868.fc6 #1 SMP Fri Dec
15 17:32:54 EST 2006 i686 i686
Alert Count:                  1
Line Numbers:                 

Raw Audit Messages:           

avc: denied { read } for comm="sendmail" dev=hda4 egid=0 euid=0
exe="/usr/sbin/sendmail.postfix" exit=0 fsgid=0 fsuid=0 gid=0 items=0
name="maillog" path="/var/tmp/tmpgbuatMEPYLOG/tmpQyRQCZFILT" pid=5455
scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:system_mail_t:s0-s0:c0.c1023 suid=0 tclass=file
tcontext=system_u:object_r:var_log_t:s0 tty=(none) uid=0 

==============================

Version-Release number of selected component (if applicable):
postfix-2.3.3-2


How reproducible:
Not really known. I have an FC5->FC6 upgraded machine which is using postfix and
the root account is redirected to my user account through /etc/aliases. It
appears to occur when the machine starts up in the morning and anacron is
performing its daily tasks. It occurs daily, so if any additional debugging
needs to be done, it can be done daily.. during the day I am unable to reproduce.

Steps to Reproduce:
1. install postfix -- deinstall sendmail
2. redirect root mail to regular user
3. wait for daily reports at startup.

  
Actual results:
svc denial message

Expected results:
no svc denial message

Additional info:
If needed, please let me know.

Comment 1 Matěj Cepl 2007-05-29 21:23:05 UTC

Isn't this DUPLICATE of bug 215722?

Comment 2 Thomas Woerner 2007-06-05 10:01:37 UTC

Why are your files is /var/tmp labeled with var_log_t? is /var or /var/tmp a
symlink to somewhere else?

Please use restorecon or "fixfiles restore".

Comment 3 Thomas Woerner 2007-10-04 12:04:19 UTC

This bug entry was in needinfo for some time. Closing due to user inactivity as
"NOT A BUG".

Note You need to log in before you can comment on or make changes to this bug.