Description of problem: When upgrading to the latest tz data I get a warning in setroubleshoot Version-Release number of selected component (if applicable): selinux-policy-2.4.6-23.fc6 glibc-common-2.5-10.fc6 tzdata-2006p-1.fc6 How reproducible: DO not know only upgraded once. Steps to Reproduce: 1. yum update tzdata 2. 3. Actual results: setroubleshoot pops up a wasning Expected results: No warning Additional info: Screen shot with details attached
Created attachment 145937 [details] Screen shot showing the errors from setroubleshoot
Since it looks like the screen shot is unreadable here are the details in the setroubleshoot screen: SELinux is preventing /usr/sbin/tzdata-update (tzdata_t) "search" access to postfix (postfix_spool_t). SELinux denied access requested by /usr/sbin/tzdata-update. It is not expected that this access is required by /usr/sbin/tzdata-update and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Please file a bug report against this package. Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for postfix, restorecon -v postfix. There is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ - or you can disable SELinux protection entirely for the application. Disabling SELinux protection is not recommended. Please file a bug report against this package. Changing the "tzdata_disable_trans" boolean to true will disable SELinux protection this application: "setsebool -P tzdata_disable_trans=1."The following command will allow this access:setsebool -P tzdata_disable_trans=1 Source Context: user_u:system_r:tzdata_t Target Context: system_u:object_r:postfix_spool_t Target Objects: postfix [ dir ] Affected RPM Packages: glibc-common-2.5-10.fc6 [application] Policy RPM: selinux-policy-2.4.6-23.fc6 Selinux Enabled: True Policy Type: targeted MLS Enabled: True Enforcing Mode: Enforcing Plugin Name: plugins.disable_trans Platform: Linux tigger.tntechs.com 2.6.18-1.2869.fc6 #1 SMP Wed Dec 20 14:51:19 EST 2006 i686 athlon Alert Count: 1 avc: denied { search } for comm="tzdata-update" dev=dm-5 egid=0 euid=0 exe="/usr/sbin/tzdata-update" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="postfix" pid=5073 scontext=user_u:system_r:tzdata_t:s0 sgid=0 subj=user_u:system_r:tzdata_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:postfix_spool_t:s0 tty=(none) uid=0
Fixed in selinux-policy-2.4.6-27.fc6
Fixed in current release