Description of problem: mimedefang 2.64 sendmail 8.14.2 SELinux is preventing sendmail (sendmail_t) "getattr" to /var/spool/MIMEDefang/mimedefang.sock (var_spool_t). Detailed Description: SELinux denied access requested by sendmail. It is not expected that this access is required by sendmail and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Additional Information: Source Context system_u:system_r:sendmail_t:s0 Target Context system_u:object_r:var_spool_t:s0 Target Objects /var/spool/MIMEDefang/mimedefang.sock [ sock_file ] Source newaliases Source Path /usr/sbin/sendmail.sendmail Port <Unknown> Host fedora1.kantors.net Source RPM Packages sendmail-8.14.2-1.fc8 Target RPM Packages Policy RPM selinux-policy-3.0.8-95.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall_file Host Name fedora1.kantors.net Platform Linux fedora1.kantors.net 2.6.24.4-64.fc8 #1 SMP Sat Mar 29 09:54:46 EDT 2008 i686 i686 Alert Count 22 First Seen Sat 12 Apr 2008 12:36:36 PM EDT Last Seen Sat 12 Apr 2008 01:48:12 PM EDT Local ID 7977b54a-ef5b-43b0-a5fa-ab49e1361a7f Line Numbers Raw Audit Messages host=fedora1.kantors.net type=AVC msg=audit(1208022492.418:22): avc: denied { getattr } for pid=2685 comm="sendmail" path="/var/spool/MIMEDefang/mimedefang.sock" dev=dm-0 ino=4751382 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=sock_file host=fedora1.kantors.net type=SYSCALL msg=audit(1208022492.418:22): arch=40000003 syscall=196 success=no exit=-13 a0=bfc45da8 a1=bfc45c40 a2=608ff4 a3=3 items=0 ppid=2684 pid=2685 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=(none) comm="sendmail" exe="/usr/sbin/sendmail.sendmail" subj=system_u:system_r:sendmail_t:s0 key=(null)
Reassigning to selinux-policy, as it has to be fixed there. Daniel, are you able to take care about it? It is a mimedefang specific thing which is not yet handled in the policy.
*** This bug has been marked as a duplicate of 442209 ***