Bug 247847 - selinux complains about sendmail accessing a file in tmp every day
Summary: selinux complains about sendmail accessing a file in tmp every day
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 7
Hardware: i686
OS: Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-07-11 17:30 UTC by stanl
Modified: 2007-11-30 22:12 UTC (History)
0 users

Fixed In Version: Current
Clone Of:
Environment:
Last Closed: 2007-08-22 14:08:37 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
setroubleshoot page for this error (2.24 KB, text/plain)
2007-07-11 17:30 UTC, stanl
no flags Details

Description stanl 2007-07-11 17:30:52 UTC
Description of problem:
SELinux has denied /usr/sbin/sendmail.sendmail access to potentially mislabeled
file(s) (/tmp/file6bChg8 (deleted)). This means that SELinux will not allow
/usr/sbin/sendmail.sendmail to use these files. It is common for users to edit
files in their home directory or tmp directories and then move (mv) them to
system directories. The problem is that the files end up with the wrong file
context which confined applications are not allowed to access.

Version-Release number of selected component (if applicable):
latest package in FC7

How reproducible:
Happens every day when the logwatch file is created and sent to root

Steps to Reproduce:
1.Run logwatch on FC7 using sendmail.  System set it up.
2.
3.
  
Actual results:
Running in permissive mode, so sendmail deletes the file.

Expected results:
No warning for sendmail to use temporary file.

Additional info:
Running the restorecon command recommended by setroubleshoot has no effect
because this is a temporary file.

Comment 1 stanl 2007-07-11 17:30:52 UTC
Created attachment 158977 [details]
setroubleshoot page for this error

Comment 2 Daniel Walsh 2007-07-11 19:56:53 UTC
Fixed in selinux-policy-2.6.4-27

Comment 3 Daniel Walsh 2007-08-22 14:08:37 UTC
Closing as fixes are in the current release


Note You need to log in before you can comment on or make changes to this bug.