Description of problem:
SELinux is preventing sendmail (sendmail_t) "getattr" to /home/john (unconfined_home_dir_t).

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.0.8-53.fc8

How reproducible:

Steps to Reproduce:
1. Fresh install of FC8.
2. Normal customization of sendmail.cf and other config files.
3. Make 3.

Actual results:
See attached cut/paste from AVC window.

Expected results:
No AVC denial expected.

Additional info:

Summary
SELinux is preventing sendmail (sendmail_t) "getattr" to /home/john (unconfined_home_dir_t).

Detailed Description
SELinux denied access requested by sendmail. It is not expected that this access is required by sendmail and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /home/john,

    restorecon -v /home/john

If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ
Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report against this package.

Additional Information
Source Context: system_u:system_r:sendmail_t:s0
Target Context: unconfined_u:object_r:unconfined_home_dir_t:s0
Target Objects: /home/john [ dir ]
Affected RPM Packages:
Policy RPM: selinux-policy-3.0.8-53.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Permissive
Plugin Name: plugins.catchall_file
Host Name: mellor.kw.net
Platform: Linux mellor.kw.net 2.6.23.1-49.fc8 #1 SMP Thu Nov 8 21:41:26 EST 2007 i686 athlon
Alert Count: 1
First Seen: Sun 18 Nov 2007 06:43:17 PM EST
Last Seen: Sun 18 Nov 2007 06:43:17 PM EST
Local ID: ddc0571b-8704-430b-a3bc-20adc2b9850b
Line Numbers:

Raw Audit Messages:
avc: denied { getattr } for comm=sendmail dev=dm-0 path=/home/john pid=4542 scontext=system_u:system_r:sendmail_t:s0 tclass=dir tcontext=unconfined_u:object_r:unconfined_home_dir_t:s0

Any idea why sendmail would be trying to look at /home/john? Do you have something in the sendmail.cf that would point there?
Created attachment 273631 [details] setroubleshoot output
Can confirm this bug, and confirmed (more or less) by others in same thread: https://www.redhat.com/archives/fedora-selinux-list/2007-November/msg00092.html

No idea why sendmail would want to look at /home/morgan, but have /etc/alias set so that user morgan should receive root's mail, and evolution set up to collect user morgan's mail from /var/spool/mail via evolution's "Standard Unix mbox spool directory" Server Type.

Seems to be preventing some mail from getting through, as I'm getting some mail delivery warnings returned to sender user root at user morgan.

Attached (1 of 15) saved setroubleshoot output.
You can allow this for now by executing

    # audit2allow -M mypol -i /var/log/audit/audit.log
    # semodule -i mypol.pp

Fixed in selinux-policy-3.0.8-62.fc8
No new occurrences, appears to be fixed as described.