Bug 439836 - SELinux is preventing sh (procmail_t) "ioctl" to /usr/bin/spamc (spamc_exec_t).
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: rawhide
Hardware: All Linux
Priority: low Severity: low
Assigned To: Daniel Walsh
QA Contact: Ben Levenson
Reported: 2008-03-31 13:15 EDT by Dave Jones
Modified: 2015-01-04 17:30 EST
Doc Type: Bug Fix
Last Closed: 2008-04-01 01:57:00 EDT
Description Dave Jones 2008-03-31 13:15:17 EDT
Not sure what to make of this.

host=gelk type=AVC msg=audit(1206954096.938:326): avc: denied { ioctl } for pid=15415 comm="sh" path="/usr/bin/spamc" dev=md0 ino=30782362 scontext=system_u:system_r:procmail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:spamc_exec_t:s0 tclass=file
host=gelk type=SYSCALL msg=audit(1206954096.938:326): arch=c000003e syscall=16 success=no exit=-13 a0=3 a1=5401 a2=7fff6be0e710 a3=3ec416da10 items=0 ppid=15414 pid=15415 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=58 comm="sh" exe="/bin/bash" subj=system_u:system_r:procmail_t:s0-s0:c0.c1023 key=(null)

This happened three times.  All my usual mail doesn't trigger it, so I'm
wondering if it's just something special about the mail that cron.daily sent.
My .procmailrc is fairly benign, just a spamc invocation and filtering into
folders, so I'm not sure where the ioctl comes in.
Comment 1 Daniel Walsh 2008-04-01 01:57:00 EDT
I have no idea, but I will add the ability for domtrans pattern to ioctl.

Fixed in selinux-policy-3.3.27.fc9
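
An added example, not part of the original report or of the selinux-policy project: a short Python triage of the two audit records quoted in the description, pairing the AVC and SYSCALL records by event serial and decoding the syscall number, ioctl request and exit code. The lookup tables hold only the entries this event needs, and the function names are hypothetical.

```python
import errno
import re

# The two records quoted in the report, one per line (both are event 326).
RECORDS = """\
host=gelk type=AVC msg=audit(1206954096.938:326): avc: denied { ioctl } for pid=15415 comm="sh" path="/usr/bin/spamc" dev=md0 ino=30782362 scontext=system_u:system_r:procmail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:spamc_exec_t:s0 tclass=file
host=gelk type=SYSCALL msg=audit(1206954096.938:326): arch=c000003e syscall=16 success=no exit=-13 a0=3 a1=5401 a2=7fff6be0e710 a3=3ec416da10 items=0 ppid=15414 pid=15415 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=58 comm="sh" exe="/bin/bash" subj=system_u:system_r:procmail_t:s0-s0:c0.c1023 key=(null)
"""
# Minimal lookup tables (assumption: only the entries this event needs).
X86_64_SYSCALLS = {16: "ioctl"}
IOCTL_REQUESTS = {0x5401: "TCGETS"}  # terminal query issued by isatty()/tcgetattr()

EVENT_RE = re.compile(r"type=(\w+) msg=audit\([\d.]+:(\d+)\):")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS_RE = re.compile(r"\{ ([^}]+) \}")

def parse_events(text):
    """Group audit records by event serial: {serial: {record_type: fields}}."""
    events = {}
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line[m.end():])}
        if m.group(1) == "AVC":
            pm = PERMS_RE.search(line)
            fields["perms"] = pm.group(1).split() if pm else []
        events.setdefault(int(m.group(2)), {})[m.group(1)] = fields
    return events

def triage(event):
    """Decode one correlated AVC+SYSCALL event into a reviewable summary."""
    avc, sc = event["AVC"], event.get("SYSCALL", {})
    # The SELinux type is the third colon-separated field of a context.
    source, target = (avc[k].split(":")[2] for k in ("scontext", "tcontext"))
    summary = {"source": source, "target": target, "class": avc["tclass"],
               "perms": avc["perms"], "path": avc.get("path")}
    if sc.get("arch") == "c000003e":          # AUDIT_ARCH_X86_64
        nr = int(sc["syscall"])
        summary["syscall"] = X86_64_SYSCALLS.get(nr, f"#{nr}")
        if summary["syscall"] == "ioctl":     # a1 carries the request, in hex
            req = int(sc["a1"], 16)
            summary["request"] = IOCTL_REQUESTS.get(req, hex(req))
    if "exit" in sc and int(sc["exit"]) < 0:  # negative exit is -errno
        summary["errno"] = errno.errorcode.get(-int(sc["exit"]), sc["exit"])
    # Candidate rule in audit2allow style, for policy review only.
    perms = " ".join(avc["perms"])
    summary["rule"] = f"allow {source} {target}:{avc['tclass']} {{ {perms} }};"
    return summary
```

For this event the summary shows `sh` in `procmail_t` issuing a TCGETS ioctl on file descriptor 3 (`a0=3`), which the kernel refused with EACCES.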
