Bug 448333 - avc: denied { read write } for comm="sendmail" path="socket:[4722163]" dev=sockfs
Summary: avc: denied { read write } for comm="sendmail" path="socket:[4722163]" dev=so...
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2008-05-26 00:07 UTC by Robert Scheck
Modified: 2008-11-17 22:04 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2008-11-17 22:04:08 UTC

Attachments (Terms of Use)
sealerts (10.44 KB, text/plain)
2008-06-14 11:44 UTC, Frank Murphy
no flags Details

Description Robert Scheck 2008-05-26 00:07:07 UTC
Description of problem:
Following AVC denied pops up for me when a script in /etc/cron.weekly causes 
output to STDOUT.

type=AVC msg=audit(1211686193.517:13630): avc:  denied  { read write } for  
pid=20139 comm="sendmail" path="socket:[4722163]" dev=sockfs ino=4722163 
type=SYSCALL msg=audit(1211686193.517:13630): arch=40000003 syscall=11 
success=yes exit=0 a0=925b600 a1=925b728 a2=925aaa8 a3=0 items=0 ppid=20136 
pid=20139 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 
tty=(none) ses=2485 comm="sendmail" exe="/usr/sbin/sendmail.sendmail" 
subj=system_u:system_r:system_mail_t:s0-s0:c0.c1023 key=(null)

Version-Release number of selected component (if applicable):

How reproducible:
Everytime, see above.

Actual results:
AVC denied

Expected results:
No AVC denied.

Comment 1 Robert Scheck 2008-05-26 00:33:39 UTC
Sorry, I've to correct myself. The script does something like this which seems
to cause the AVC denieds...

mail("root@localhost", "Some subject", "Some body", "From: root@localhost\n");

So is this AVC correct or not? PHP's mail() calls /usr/sbin/sendmail(.sendmail)
to send this mail then.

Comment 2 Daniel Walsh 2008-05-27 16:26:48 UTC
This looks like a leaked file descriptor from either php or cron.

Probably can be safely ignored.

I take it the mail was sent successfully.

Comment 3 Daniel Walsh 2008-05-27 16:27:21 UTC
Are you using ldap for authentication?

Comment 4 Robert Scheck 2008-05-27 22:00:53 UTC
I'm using no LDAP - anyway either allowed or silenced. In permissive, it is send 
anyway, but I've to much other things currently, that I can't enforce.

Comment 5 Daniel Walsh 2008-05-28 11:03:05 UTC
Ok not sure if it is necessary or not but I will allow it.

Fixed in selinux-policy-3.3.1-56.fc9

Comment 6 Frank Murphy 2008-06-14 11:44:37 UTC
Created attachment 309357 [details]

restorecon -v '/'  
had no effect, avc still going mental as I type alert count up to 180+

Comment 7 Daniel Walsh 2008-06-16 10:45:23 UTC
Frank you have a process that is running as unlabeled_t.  You need to kill and
restart it.  Or reboot the machine,  Not sure how the process lost it's label.

Comment 8 Daniel Walsh 2008-11-17 22:04:08 UTC
Closing all bugs that have been in modified for over a month.  Please reopen if the bug is not actually fixed.

Note You need to log in before you can comment on or make changes to this bug.