Description of problem: While updating to rawhide 2007-09-18 sendmail causes the following AVC message. Version-Release number of selected component (if applicable): [pgraner@moltar ~]$ rpm -q selinux-policy-targeted selinux-policy-targeted-3.0.7-10.fc8 Summary SELinux prevented /usr/sbin/sendmail.sendmail from using the terminal 2. Detailed Description SELinux prevented /usr/sbin/sendmail.sendmail from using the terminal 2. In most cases daemons do not need to interact with the terminal, usually these avc messages can be ignored. All of the confined daemons should have dontaudit rules around using the terminal. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this selinux- policy. If you would like to allow all daemons to interact with the terminal, you can turn on the allow_daemons_use_tty boolean. Allowing Access Changing the "allow_daemons_use_tty" boolean to true will allow this access: "setsebool -P allow_daemons_use_tty=1." The following command will allow this access: setsebool -P allow_daemons_use_tty=1 Additional Information Source Context system_u:system_r:sendmail_t Target Context system_u:object_r:unconfined_devpts_t Target Objects 2 [ chr_file ] Affected RPM Packages sendmail-8.14.1-4.2.fc8 [application] Policy RPM selinux-policy-3.0.7-10.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name plugins.allow_daemons_use_tty Host Name moltar.redvoodoo.org Platform Linux moltar.redvoodoo.org 2.6.23-0.184.rc6.git4.fc8 #1 SMP Fri Sep 14 17:42:59 EDT 2007 i686 i686 Alert Count 2 First Seen Tue 18 Sep 2007 10:01:17 AM EDT Last Seen Tue 18 Sep 2007 10:01:18 AM EDT Local ID faf8f01c-fc21-4ee7-9594-4681b49a41ee Line Numbers Raw Audit Messages avc: denied { read, write } for comm=sendmail dev=devpts egid=51 euid=0 exe=/usr/sbin/sendmail.sendmail exit=0 fsgid=51 fsuid=0 gid=0 items=0 name=2 pid=10010 scontext=system_u:system_r:sendmail_t:s0 sgid=51 subj=system_u:system_r:sendmail_t:s0 suid=0 tclass=chr_file tcontext=system_u:object_r:unconfined_devpts_t:s0 tty=pts2 uid=0
Fixed in selinux-policy-3.0.8-1.fc8
User pgraner's account has been closed
Bulk closing a old selinux policy bugs that were in the modified state. If the bug is still not fixed. Please reopen.