Bug 294801 - Yum update of sendmail causes AVC
Summary: Yum update of sendmail causes AVC
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: rawhide
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2007-09-18 14:33 UTC by Ken Reilly
Modified: 2008-01-30 19:06 UTC

Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-01-30 19:06:13 UTC
Type: ---
Embargoed:



Description Pete Graner 2007-09-18 14:33:31 UTC
Description of problem: While updating to rawhide 2007-09-18 sendmail causes the
following AVC message.


Version-Release number of selected component (if applicable):

[pgraner@moltar ~]$ rpm -q selinux-policy-targeted
selinux-policy-targeted-3.0.7-10.fc8

Summary
    SELinux prevented /usr/sbin/sendmail.sendmail from using the terminal 2.

Detailed Description
    SELinux prevented /usr/sbin/sendmail.sendmail from using the terminal 2. In
    most cases daemons do not need to interact with the terminal, usually these
    avc messages can be ignored.  All of the confined daemons should have
    dontaudit rules around using the terminal.  Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this selinux-
    policy.  If you would like to allow all daemons to interact with the
    terminal, you can turn on the allow_daemons_use_tty boolean.

Allowing Access
    Changing the "allow_daemons_use_tty" boolean to true will allow this access:
    "setsebool -P allow_daemons_use_tty=1."

    The following command will allow this access:
    setsebool -P allow_daemons_use_tty=1

Additional Information        

Source Context                system_u:system_r:sendmail_t
Target Context                system_u:object_r:unconfined_devpts_t
Target Objects                2 [ chr_file ]
Affected RPM Packages         sendmail-8.14.1-4.2.fc8 [application]
Policy RPM                    selinux-policy-3.0.7-10.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   plugins.allow_daemons_use_tty
Host Name                     moltar.redvoodoo.org
Platform                      Linux moltar.redvoodoo.org
                              2.6.23-0.184.rc6.git4.fc8 #1 SMP Fri Sep 14
                              17:42:59 EDT 2007 i686 i686
Alert Count                   2
First Seen                    Tue 18 Sep 2007 10:01:17 AM EDT
Last Seen                     Tue 18 Sep 2007 10:01:18 AM EDT
Local ID                      faf8f01c-fc21-4ee7-9594-4681b49a41ee
Line Numbers                  

Raw Audit Messages            

avc: denied { read, write } for comm=sendmail dev=devpts egid=51 euid=0
exe=/usr/sbin/sendmail.sendmail exit=0 fsgid=51 fsuid=0 gid=0 items=0 name=2
pid=10010 scontext=system_u:system_r:sendmail_t:s0 sgid=51
subj=system_u:system_r:sendmail_t:s0 suid=0 tclass=chr_file
tcontext=system_u:object_r:unconfined_devpts_t:s0 tty=pts2 uid=0
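
The raw audit message above can be read mechanically. The following is an added example, not part of the original report or of the selinux-policy project: it parses that record and builds the kind of dontaudit rule the alert text says confined daemons should have. The function names are hypothetical.

```python
import re

# Raw audit message copied from the report above (line wraps joined).
RAW_AVC = (
    "avc: denied { read, write } for comm=sendmail dev=devpts egid=51 euid=0 "
    "exe=/usr/sbin/sendmail.sendmail exit=0 fsgid=51 fsuid=0 gid=0 items=0 name=2 "
    "pid=10010 scontext=system_u:system_r:sendmail_t:s0 sgid=51 "
    "subj=system_u:system_r:sendmail_t:s0 suid=0 tclass=chr_file "
    "tcontext=system_u:object_r:unconfined_devpts_t:s0 tty=pts2 uid=0"
)

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)", re.S)


def parse_avc(record):
    """Split an AVC record into verdict, permission list and key=value fields."""
    m = AVC_RE.search(record)
    if m is None:
        raise ValueError("not an AVC record")
    verdict, perms, rest = m.groups()
    fields = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    return {
        "verdict": verdict,
        # setroubleshoot prints "read, write"; the kernel prints "read write"
        "perms": sorted(p for p in re.split(r"[,\s]+", perms) if p),
        "fields": fields,
    }


def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def is_daemon_tty_denial(avc):
    """True when a denial targets a pseudo-terminal character device."""
    f = avc["fields"]
    return (avc["verdict"] == "denied" and f.get("tclass") == "chr_file"
            and f.get("dev") == "devpts")


def dontaudit_rule(avc):
    """Build the dontaudit rule that silences this denial without allowing it."""
    f = avc["fields"]
    return "dontaudit %s %s:%s { %s };" % (
        selinux_type(f["scontext"]), selinux_type(f["tcontext"]),
        f["tclass"], " ".join(avc["perms"]))
```

A dontaudit rule only suppresses the log entry and leaves the access denied, whereas the allow_daemons_use_tty boolean named in the alert grants terminal access to all daemons.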

Comment 1 Daniel Walsh 2007-09-18 14:47:08 UTC
Fixed in selinux-policy-3.0.8-1.fc8

Comment 2 Red Hat Bugzilla 2007-10-23 15:25:29 UTC
User pgraner's account has been closed

Comment 3 Daniel Walsh 2008-01-30 19:06:13 UTC
Bulk closing old selinux policy bugs that were in the modified state.  If the
bug is still not fixed, please reopen.

