Bug 310681 - SELinux prevented /usr/sbin/sendmail.sendmail from using the terminal 0.
SELinux prevented /usr/sbin/sendmail.sendmail from using the terminal 0.
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
8
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-09-28 08:18 EDT by Rodd Clarkson
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-09-28 09:07:54 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Rodd Clarkson 2007-09-28 08:18:42 EDT
Summary
    SELinux prevented /usr/sbin/sendmail.sendmail from using the terminal 0.

Detailed Description
    SELinux prevented /usr/sbin/sendmail.sendmail from using the terminal 0. In
    most cases daemons do not need to interact with the terminal, usually these
    avc messages can be ignored.  All of the confined daemons should have
    dontaudit rules around using the terminal.  Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this selinux-
    policy.  If you would like to allow all daemons to interact with the
    terminal, you can turn on the allow_daemons_use_tty boolean.

Allowing Access
    Changing the "allow_daemons_use_tty" boolean to true will allow this access:
    "setsebool -P allow_daemons_use_tty=1."

    The following command will allow this access:
    setsebool -P allow_daemons_use_tty=1

Additional Information        

Source Context                system_u:system_r:sendmail_t:s0
Target Context                system_u:object_r:unconfined_devpts_t:s0
Target Objects                None [ chr_file ]
Affected RPM Packages         sendmail-8.14.1-4.2.fc8 [application]
Policy RPM                    selinux-policy-3.0.8-2.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.allow_daemons_use_tty
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.23-0.184.rc6.git4.fc8 #1 SMP Fri Sep 14
                              17:42:59 EDT 2007 i686 i686
Alert Count                   3
First Seen                    Thu 20 Sep 2007 10:56:03 PM EST
Last Seen                     Thu 20 Sep 2007 10:56:03 PM EST
Local ID                      72a682bd-df32-438f-a6b6-9e5913fbc413
Line Numbers                  

Raw Audit Messages            

avc: denied { read write } for comm=sendmail dev=devpts egid=51 euid=0
exe=/usr/sbin/sendmail.sendmail exit=0 fsgid=51 fsuid=0 gid=0 items=0 name=0
pid=5667 scontext=system_u:system_r:sendmail_t:s0 sgid=51
subj=system_u:system_r:sendmail_t:s0 suid=0 tclass=chr_file
tcontext=system_u:object_r:unconfined_devpts_t:s0 tty=(none) uid=0
Comment 1 Daniel Walsh 2007-09-28 09:07:54 EDT
Fixed in selinux-policy-3.0.8-14.fc8

Note You need to log in before you can comment on or make changes to this bug.