Red Hat Bugzilla – Bug 247847
selinux complains about sendmail accessing a file in tmp every day
Last modified: 2007-11-30 17:12:10 EST
Description of problem:
SELinux has denied /usr/sbin/sendmail.sendmail access to potentially mislabeled
file(s) (/tmp/file6bChg8 (deleted)). This means that SELinux will not allow
/usr/sbin/sendmail.sendmail to use these files. It is common for users to edit
files in their home directory or tmp directories and then move (mv) them to
system directories. The problem is that the files end up with the wrong file
context which confined applications are not allowed to access.
Version-Release number of selected component (if applicable):
latest package in FC7
Happens every day when the logwatch file is created and sent to root
Steps to Reproduce:
1.Run logwatch on FC7 using sendmail. System set it up.
Running in permissive mode, so sendmail deletes the file.
No warning for sendmail to use temporary file.
Running the restorecon command recommended by setroubleshoot has no effect
because this is a temporary file.
Created attachment 158977 [details]
setroubleshoot page for this error
Fixed in selinux-policy-2.6.4-27
Closing as fixes are in the current release