Bug 331311 - Selinux preventing Exim
Summary: Selinux preventing Exim
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 8
Hardware: All
OS: Linux
low
high
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-10-14 12:09 UTC by Robert Staaf
Modified: 2008-01-30 19:19 UTC (History)
1 user (show)

(edit)
Clone Of:
(edit)
Last Closed: 2008-01-30 19:19:02 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Robert Staaf 2007-10-14 12:09:03 UTC 
Description of problem:
SELinux is preventing /usr/sbin/exim (system_mail_t) "search" to (exim_log_t).
SELinux is preventing /usr/sbin/exim (system_mail_t) "getattr" to
/var/spool/exim (exim_spool_t).
SELinux is preventing /usr/sbin/exim (system_mail_t) "setattr" to (exim_spool_t).
SELinux is preventing /usr/sbin/exim (system_mail_t) "search" to (exim_log_t).

Version-Release number of selected component (if applicable):
Policy RPM:  selinux-policy-3.0.8-20.fc8
Affected RPM Packages:  exim-4.68-1.fc8 [application]

How reproducible:
Just seems SELinux isn't all that happy with Exim...

Steps to Reproduce:
1.
  
Actual results:


Expected results:


Additional info:
Comment 1 Daniel Walsh 2007-10-15 17:13:46 UTC 
Fixed in selinux-policy-3.0.8-23.fc8.src.rpm
Comment 2 Robert Staaf 2007-10-20 12:23:23 UTC 
Actually I am running selinux-policy-3.0.8-24.fc8 and I am still getting the
same SELinux alerts, never stopped...
Comment 3 Robert Staaf 2007-10-20 12:23:52 UTC 
I have relabeled a couple of times since then as well...
Comment 4 Robert Staaf 2007-10-20 12:25:09 UTC 
SELinux is preventing /usr/sbin/exim (system_mail_t) "append" to (exim_log_t).
Comment 5 Robert Staaf 2007-10-21 12:38:44 UTC 
SELinux is preventing sendmail (system_mail_t) "append" to (exim_log_t).

RPM Packages:  Policy RPM:  selinux-policy-3.0.8-28.fc8Selinux 

scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tclass=file
tcontext=system_u:object_r:exim_log_t:s0
Comment 6 Daniel Walsh 2007-10-22 15:41:27 UTC 
Yes I will update tonight to allow system_mail_t to domtrans to exim_t and this
will be allowed.
Comment 7 Robert Staaf 2007-10-26 12:23:22 UTC 
SELinux is preventing /usr/sbin/exim (system_mail_t) "append" to (exim_log_t).

selinux-policy-3.0.8-32.fc8
Comment 8 Daniel Walsh 2007-10-26 13:05:50 UTC 
selinux-policy-3.0.8-36.fc8
Comment 9 Robert Staaf 2007-11-02 11:56:26 UTC 
Looks like this is a rather stubborn one...

SELinux is preventing /usr/sbin/exim (system_mail_t) "execute" to (exim_exec_t).

selinux-policy-3.0.8-42.fc8
Comment 10 Daniel Walsh 2008-01-30 19:19:02 UTC 
Bulk closing all bugs in Fedora updates in the modified state.  If you bug is
not fixed, please reopen.
Note You need to log in before you can comment on or make changes to this bug.