I'm not certain that the SELinux policy is necessarily the best/only place for a fix for this, but I had to start somewhere.

Summary
SELinux is preventing /usr/sbin/sendmail.sendmail (system_mail_t) "read write" to /tmp/xxxxxxxx (deleted) (apcupsd_t).

Detailed Description
SELinux denied access requested by /usr/sbin/sendmail.sendmail. It is not expected that this access is required by /usr/sbin/sendmail.sendmail and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access
You can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information
Source Context         user_u:system_r:system_mail_t
Target Context         user_u:system_r:apcupsd_t
Target Objects         /tmp/xxxxxxxx (deleted) [ tcp_socket ]
Affected RPM Packages  sendmail-8.14.1-4.2.fc7 [application]
Policy RPM             selinux-policy-2.6.4-45.fc7
Selinux Enabled        True
Policy Type            targeted
MLS Enabled            True
Enforcing Mode         Enforcing
Plugin Name            plugins.catchall
Host Name              ignacio.ignacio.lan
Platform               Linux ignacio.ignacio.lan 2.6.22.9-91.fc7 #1 SMP Thu Sep 27 23:10:59 EDT 2007 i686 athlon
Alert Count            1
First Seen             Tue 16 Oct 2007 05:43:12 AM EDT
Last Seen              Tue 16 Oct 2007 05:43:12 AM EDT
Local ID               31bee1df-446a-4d86-8d2e-c69045b3b438
Line Numbers

Raw Audit Messages
avc: denied { read, write } for comm="sendmail" dev=sockfs egid=51 euid=0 exe="/usr/sbin/sendmail.sendmail" exit=0 fsgid=51 fsuid=0 gid=0 items=0 name="" path=2F746D702F52734E72614D6861202864656C6574656429 pid=3419 scontext=user_u:system_r:system_mail_t:s0 sgid=51 subj=user_u:system_r:system_mail_t:s0 suid=0 tclass=tcp_socket tcontext=user_u:system_r:apcupsd_t:s0 tty=(none) uid=0

This looks like a leaked file descriptor in apcupsd. All open file descriptors in apcupsd need to be closed on exec before execing sendmail:

fcntl(fd, F_SETFD, FD_CLOEXEC)
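
What the close-on-exec flag named in the comment above does to a TCP socket across exec, as an added example that is not part of the original report or of apcupsd's code. It assumes a POSIX system; `set_cloexec`, `socket_survives_exec` and the `/bin/sh` probe standing in for the exec'd mailer are hypothetical names chosen for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Mark fd close-on-exec, preserving its other descriptor flags. */
static int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags == -1 ? -1 : fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Returns 1 if an exec'd helper still holds the daemon's TCP socket,
 * 0 if the kernel closed it at exec, -1 on error. */
int socket_survives_exec(int protect)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd == -1)
        return -1;
    if (protect && set_cloexec(fd) == -1) {
        close(fd);
        return -1;
    }
    /* Shell probe: ": <&N" succeeds only if descriptor N is open. */
    char probe[64];
    snprintf(probe, sizeof probe, "exec 2>/dev/null; : <&%d", fd);

    pid_t pid = fork();
    if (pid == 0) {
        /* /bin/sh stands in for the mailer the daemon would exec. */
        execl("/bin/sh", "sh", "-c", probe, (char *)NULL);
        _exit(127);                 /* exec itself failed */
    }
    close(fd);
    int status;
    if (pid == -1 || waitpid(pid, &status, 0) == -1 ||
        !WIFEXITED(status) || WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("plain socket inherited:      %d\n", socket_survives_exec(0));
    printf("FD_CLOEXEC socket inherited: %d\n", socket_survives_exec(1));
    return 0;
}
```

An inherited descriptor keeps the label of the process that created it, which is why a denial against an exec'd program can name another domain's socket as the target.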

It's not. It is apcupsd writing a message to /tmp and calling sendmail to send it.

*** This bug has been marked as a duplicate of 247162 ***