359541 – selinux

Bug 359541 - selinux

Summary: selinux

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	7
Hardware:	i386
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-10-31 02:46 UTC by John Antony
Modified:	2008-01-30 19:18 UTC (History)
CC List:	0 users
Fixed In Version:	Current
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-01-30 19:18:23 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description John Antony 2007-10-31 02:46:34 UTC

Summary
    SELinux is preventing /usr/sbin/sendmail.sendmail (system_mail_t) "search"
    to ppp (pppd_etc_t).

Detailed Description
    SELinux denied access requested by /usr/sbin/sendmail.sendmail. It is not
    expected that this access is required by /usr/sbin/sendmail.sendmail and
    this access may signal an intrusion attempt. It is also possible that the
    specific version or configuration of the application is causing it to
    require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials.  You could try to
    restore the default system file context for ppp, restorecon -v ppp If this
    does not work, there is currently no automatic way to allow this access.
    Instead,  you can generate a local policy module to allow this access - see
    http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
    SELinux protection altogether. Disabling SELinux protection is not
    recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
    against this package.

Additional Information        

Source Context                system_u:system_r:system_mail_t:SystemLow-
                              SystemHigh
Target Context                system_u:object_r:pppd_etc_t
Target Objects                ppp [ dir ]
Affected RPM Packages         sendmail-8.14.1-2 [application]
Policy RPM                    selinux-policy-2.6.4-8.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.23.1-10.fc7 #1 SMP
                              Fri Oct 19 15:39:08 EDT 2007 i686 i686
Alert Count                   67
First Seen                    Fri 14 Sep 2007 08:00:01 AM IST
Last Seen                     Wed 31 Oct 2007 08:10:01 AM IST
Local ID                      93e88d1d-f292-4012-a529-967a64e40ec9
Line Numbers                  

Raw Audit Messages            

avc: denied { search } for comm="sendmail" dev=sda3 egid=51 euid=500
exe="/usr/sbin/sendmail.sendmail" exit=-13 fsgid=51 fsuid=500 gid=500 items=0
name="ppp" pid=3414 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023
sgid=51 subj=system_u:system_r:system_mail_t:s0-s0:c0.c1023 suid=500 tclass=dir
tcontext=system_u:object_r:pppd_etc_t:s0 tty=(none) uid=500

Comment 1 Daniel Walsh 2007-10-31 11:42:57 UTC

Fixed in selinux-policy-2.6.4-52.fc7

You should upgrade this system.

Comment 2 Daniel Walsh 2008-01-30 19:18:23 UTC

Bulk closing all bugs in Fedora updates in the modified state.  If you bug is
not fixed, please reopen.

Note You need to log in before you can comment on or make changes to this bug.