Summary SELinux prevented /usr/sbin/sendmail.sendmail from using the terminal 0. Detailed Description SELinux prevented /usr/sbin/sendmail.sendmail from using the terminal 0. In most cases daemons do not need to interact with the terminal, usually these avc messages can be ignored. All of the confined daemons should have dontaudit rules around using the terminal. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this selinux- policy. If you would like to allow all daemons to interact with the terminal, you can turn on the allow_daemons_use_tty boolean. Allowing Access Changing the "allow_daemons_use_tty" boolean to true will allow this access: "setsebool -P allow_daemons_use_tty=1." The following command will allow this access: setsebool -P allow_daemons_use_tty=1 Additional Information Source Context system_u:system_r:sendmail_t:s0 Target Context system_u:object_r:unconfined_devpts_t:s0 Target Objects None [ chr_file ] Affected RPM Packages sendmail-8.14.1-4.2.fc8 [application] Policy RPM selinux-policy-3.0.8-2.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.allow_daemons_use_tty Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.23-0.184.rc6.git4.fc8 #1 SMP Fri Sep 14 17:42:59 EDT 2007 i686 i686 Alert Count 3 First Seen Thu 20 Sep 2007 10:56:03 PM EST Last Seen Thu 20 Sep 2007 10:56:03 PM EST Local ID 72a682bd-df32-438f-a6b6-9e5913fbc413 Line Numbers Raw Audit Messages avc: denied { read write } for comm=sendmail dev=devpts egid=51 euid=0 exe=/usr/sbin/sendmail.sendmail exit=0 fsgid=51 fsuid=0 gid=0 items=0 name=0 pid=5667 scontext=system_u:system_r:sendmail_t:s0 sgid=51 subj=system_u:system_r:sendmail_t:s0 suid=0 tclass=chr_file tcontext=system_u:object_r:unconfined_devpts_t:s0 tty=(none) uid=0
Fixed in selinux-policy-3.0.8-14.fc8