Bug 393191 - SELinux denied access requested by sendmail
SELinux denied access requested by sendmail
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
8
i386 Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-11-20 16:23 EST by Michael Bartosh
Modified: 2008-01-30 14:20 EST (History)
1 user (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-30 14:20:57 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Michael Bartosh 2007-11-20 16:23:10 EST
Description of problem:
Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for , restorecon -v If this does not work, there
is currently no automatic way to allow this access. Instead, you can generate a
local policy module to allow this access - see FAQ Or you can disable SELinux
protection altogether. Disabling SELinux protection is not recommended. Please
file a bug report against this package.

Version-Release number of selected component (if applicable):
selinux-policy-3.0.8-53.fc8Selinux

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:
Additional InformationSource
Context:  system_u:system_r:system_mail_t:s0-s0:c0.c1023Target
Context:  system_u:object_r:exim_log_t:s0Target Objects:  None [ dir ]Affected
RPM Packages:  Policy RPM:  selinux-policy-3.0.8-53.fc8Selinux
Enabled:  TruePolicy Type:  targetedMLS Enabled:  TrueEnforcing
Mode:  EnforcingPlugin Name:  plugins.catchall_fileHost
Name:  localhost.localdomainPlatform:  Linux localhost.localdomain
2.6.23.1-49.fc8 #1 SMP Thu Nov 8 21:41:26 EST 2007 i686 i686Alert
Count:  18First Seen:  Tue 20 Nov 2007 12:30:02 PM CSTLast Seen:  Tue 20 Nov
2007 03:15:01 PM CSTLocal ID:  d5e550df-186a-4110-bbf9-29317f4d05b8Line Numbers:  
Raw Audit Messages :avc: denied { write } for comm=sendmail dev=dm-0 name=exim
pid=30434 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tclass=dir
tcontext=system_u:object_r:exim_log_t:s0 

Expected results: Instructions on how to handle or address the violations being
detected by SELinux.


Additional info: Sorry if this is not the correct way to present this
information, but since it continues to "Pop-Up" every few minutes, it is
annoying on my part as well.
Comment 1 Daniel Walsh 2007-11-20 17:02:19 EST
You can allow this for now by executing 

# audit2allow -M mypol -i /var/log/audit/audit.log 
# semodule -i mypol.pp

Fixed in selinux-policy-3.0.8-59.fc8
Comment 2 Daniel Walsh 2008-01-30 14:20:57 EST
Bulk closing all bugs in Fedora updates in the modified state.  If you bug is
not fixed, please reopen.

Note You need to log in before you can comment on or make changes to this bug.