Bug 442207 - SELinux is preventing sendmail (sendmail_t) "getattr" to /var/spool/MIMEDefang/mimedefang.sock (var_spool_t).
SELinux is preventing sendmail (sendmail_t) "getattr" to /var/spool/MIMEDefa...
Status: CLOSED DUPLICATE of bug 442209
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
8
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-04-12 15:03 EDT by Bruce M. Kantor
Modified: 2008-05-02 15:57 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-02 15:57:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Bruce M. Kantor 2008-04-12 15:03:54 EDT
Description of problem:

mimedefang 2.64
sendmail 8.14.2

SELinux is preventing sendmail (sendmail_t) "getattr" to
/var/spool/MIMEDefang/mimedefang.sock (var_spool_t).

Detailed Description:

SELinux denied access requested by sendmail. It is not expected that this access
is required by sendmail and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Additional Information:

Source Context                system_u:system_r:sendmail_t:s0
Target Context                system_u:object_r:var_spool_t:s0
Target Objects                /var/spool/MIMEDefang/mimedefang.sock [ sock_file
                              ]
Source                        newaliases
Source Path                   /usr/sbin/sendmail.sendmail
Port                          <Unknown>
Host                          fedora1.kantors.net
Source RPM Packages           sendmail-8.14.2-1.fc8
Target RPM Packages           
Policy RPM                    selinux-policy-3.0.8-95.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     fedora1.kantors.net
Platform                      Linux fedora1.kantors.net 2.6.24.4-64.fc8 #1 SMP
                              Sat Mar 29 09:54:46 EDT 2008 i686 i686
Alert Count                   22
First Seen                    Sat 12 Apr 2008 12:36:36 PM EDT
Last Seen                     Sat 12 Apr 2008 01:48:12 PM EDT
Local ID                      7977b54a-ef5b-43b0-a5fa-ab49e1361a7f
Line Numbers                  

Raw Audit Messages            

host=fedora1.kantors.net type=AVC msg=audit(1208022492.418:22): avc:  denied  {
getattr } for  pid=2685 comm="sendmail"
path="/var/spool/MIMEDefang/mimedefang.sock" dev=dm-0 ino=4751382
scontext=system_u:system_r:sendmail_t:s0
tcontext=system_u:object_r:var_spool_t:s0 tclass=sock_file

host=fedora1.kantors.net type=SYSCALL msg=audit(1208022492.418:22):
arch=40000003 syscall=196 success=no exit=-13 a0=bfc45da8 a1=bfc45c40 a2=608ff4
a3=3 items=0 ppid=2684 pid=2685 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=51 sgid=51 fsgid=51 tty=(none) comm="sendmail"
exe="/usr/sbin/sendmail.sendmail" subj=system_u:system_r:sendmail_t:s0 key=(null)
Comment 1 Robert Scheck 2008-04-12 17:15:34 EDT
Reassigning to selinux-policy, as it has to be fixed there. Daniel, are you
able to take care about it? It is a mimedefang specific thing which is not yet
handled in the policy.
Comment 2 Daniel Walsh 2008-05-02 15:57:16 EDT

*** This bug has been marked as a duplicate of 442209 ***

Note You need to log in before you can comment on or make changes to this bug.