247847 – selinux complains about sendmail accessing a file in tmp every day

Bug 247847 - selinux complains about sendmail accessing a file in tmp every day

Summary: selinux complains about sendmail accessing a file in tmp every day

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	7
Hardware:	i686
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-07-11 17:30 UTC by stanl
Modified:	2007-11-30 22:12 UTC (History)
CC List:	0 users
Fixed In Version:	Current
Clone Of:
Environment:
Last Closed:	2007-08-22 14:08:37 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
setroubleshoot page for this error (2.24 KB, text/plain) 2007-07-11 17:30 UTC, stanl	no flags	Details
View All

Description stanl 2007-07-11 17:30:52 UTC

Description of problem:
SELinux has denied /usr/sbin/sendmail.sendmail access to potentially mislabeled
file(s) (/tmp/file6bChg8 (deleted)). This means that SELinux will not allow
/usr/sbin/sendmail.sendmail to use these files. It is common for users to edit
files in their home directory or tmp directories and then move (mv) them to
system directories. The problem is that the files end up with the wrong file
context which confined applications are not allowed to access.

Version-Release number of selected component (if applicable):
latest package in FC7

How reproducible:
Happens every day when the logwatch file is created and sent to root

Steps to Reproduce:
1.Run logwatch on FC7 using sendmail.  System set it up.
2.
3.
  
Actual results:
Running in permissive mode, so sendmail deletes the file.

Expected results:
No warning for sendmail to use temporary file.

Additional info:
Running the restorecon command recommended by setroubleshoot has no effect
because this is a temporary file.

Comment 1 stanl 2007-07-11 17:30:52 UTC

Created attachment 158977 [details]
setroubleshoot page for this error

Comment 2 Daniel Walsh 2007-07-11 19:56:53 UTC

Fixed in selinux-policy-2.6.4-27

Comment 3 Daniel Walsh 2007-08-22 14:08:37 UTC

Closing as fixes are in the current release

Note You need to log in before you can comment on or make changes to this bug.