Bug 294801 - Yum update of sendmail causes AVC
Yum update of sendmail causes AVC
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2007-09-18 10:33 EDT by Ken Reilly
Modified: 2008-01-30 14:06 EST (History)
1 user (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-01-30 14:06:13 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Pete Graner 2007-09-18 10:33:31 EDT
Description of problem: While updating to rawhide 2007-09-18 sendmail causes the
following AVC message.

Version-Release number of selected component (if applicable):

[pgraner@moltar ~]$ rpm -q selinux-policy-targeted

    SELinux prevented /usr/sbin/sendmail.sendmail from using the terminal 2.

Detailed Description
    SELinux prevented /usr/sbin/sendmail.sendmail from using the terminal 2. In
    most cases daemons do not need to interact with the terminal, usually these
    avc messages can be ignored.  All of the confined daemons should have
    dontaudit rules around using the terminal.  Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this selinux-
    policy.  If you would like to allow all daemons to interact with the
    terminal, you can turn on the allow_daemons_use_tty boolean.

Allowing Access
    Changing the "allow_daemons_use_tty" boolean to true will allow this access:
    "setsebool -P allow_daemons_use_tty=1."

    The following command will allow this access:
    setsebool -P allow_daemons_use_tty=1

Additional Information        

Source Context                system_u:system_r:sendmail_t
Target Context                system_u:object_r:unconfined_devpts_t
Target Objects                2 [ chr_file ]
Affected RPM Packages         sendmail-8.14.1-4.2.fc8 [application]
Policy RPM                    selinux-policy-3.0.7-10.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   plugins.allow_daemons_use_tty
Host Name                     moltar.redvoodoo.org
Platform                      Linux moltar.redvoodoo.org
                              2.6.23-0.184.rc6.git4.fc8 #1 SMP Fri Sep 14
                              17:42:59 EDT 2007 i686 i686
Alert Count                   2
First Seen                    Tue 18 Sep 2007 10:01:17 AM EDT
Last Seen                     Tue 18 Sep 2007 10:01:18 AM EDT
Local ID                      faf8f01c-fc21-4ee7-9594-4681b49a41ee
Line Numbers                  

Raw Audit Messages            

avc: denied { read, write } for comm=sendmail dev=devpts egid=51 euid=0
exe=/usr/sbin/sendmail.sendmail exit=0 fsgid=51 fsuid=0 gid=0 items=0 name=2
pid=10010 scontext=system_u:system_r:sendmail_t:s0 sgid=51
subj=system_u:system_r:sendmail_t:s0 suid=0 tclass=chr_file
tcontext=system_u:object_r:unconfined_devpts_t:s0 tty=pts2 uid=0
Comment 1 Daniel Walsh 2007-09-18 10:47:08 EDT
Fixed in selinux-policy-3.0.8-1.fc8
Comment 2 Red Hat Bugzilla 2007-10-23 11:25:29 EDT
User pgraner@redhat.com's account has been closed
Comment 3 Daniel Walsh 2008-01-30 14:06:13 EST
Bulk closing a old selinux policy bugs that were in the modified state.  If the
bug is still not fixed.  Please reopen.

Note You need to log in before you can comment on or make changes to this bug.