Bug 393191 - SELinux denied access requested by sendmail
Summary: SELinux denied access requested by sendmail
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 8
Hardware: i386
OS: Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-11-20 21:23 UTC by Michael Bartosh
Modified: 2008-01-30 19:20 UTC (History)
1 user (show)

Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-01-30 19:20:57 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Michael Bartosh 2007-11-20 21:23:10 UTC
Description of problem:
Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for , restorecon -v If this does not work, there
is currently no automatic way to allow this access. Instead, you can generate a
local policy module to allow this access - see FAQ Or you can disable SELinux
protection altogether. Disabling SELinux protection is not recommended. Please
file a bug report against this package.

Version-Release number of selected component (if applicable):
selinux-policy-3.0.8-53.fc8Selinux

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:
Additional InformationSource
Context:  system_u:system_r:system_mail_t:s0-s0:c0.c1023Target
Context:  system_u:object_r:exim_log_t:s0Target Objects:  None [ dir ]Affected
RPM Packages:  Policy RPM:  selinux-policy-3.0.8-53.fc8Selinux
Enabled:  TruePolicy Type:  targetedMLS Enabled:  TrueEnforcing
Mode:  EnforcingPlugin Name:  plugins.catchall_fileHost
Name:  localhost.localdomainPlatform:  Linux localhost.localdomain
2.6.23.1-49.fc8 #1 SMP Thu Nov 8 21:41:26 EST 2007 i686 i686Alert
Count:  18First Seen:  Tue 20 Nov 2007 12:30:02 PM CSTLast Seen:  Tue 20 Nov
2007 03:15:01 PM CSTLocal ID:  d5e550df-186a-4110-bbf9-29317f4d05b8Line Numbers:  
Raw Audit Messages :avc: denied { write } for comm=sendmail dev=dm-0 name=exim
pid=30434 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tclass=dir
tcontext=system_u:object_r:exim_log_t:s0 

Expected results: Instructions on how to handle or address the violations being
detected by SELinux.


Additional info: Sorry if this is not the correct way to present this
information, but since it continues to "Pop-Up" every few minutes, it is
annoying on my part as well.

Comment 1 Daniel Walsh 2007-11-20 22:02:19 UTC
You can allow this for now by executing 

# audit2allow -M mypol -i /var/log/audit/audit.log 
# semodule -i mypol.pp

Fixed in selinux-policy-3.0.8-59.fc8

Comment 2 Daniel Walsh 2008-01-30 19:20:57 UTC
Bulk closing all bugs in Fedora updates in the modified state.  If you bug is
not fixed, please reopen.


Note You need to log in before you can comment on or make changes to this bug.