Bug 448333 - avc: denied { read write } for comm="sendmail" path="socket:[4722163]" dev=sockfs
avc: denied { read write } for comm="sendmail" path="socket:[4722163]" dev=so...
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-05-25 20:07 EDT by Robert Scheck
Modified: 2008-11-17 17:04 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-11-17 17:04:08 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
sealerts (10.44 KB, text/plain)
2008-06-14 07:44 EDT, Frank Murphy
no flags Details

  None (edit)
Description Robert Scheck 2008-05-25 20:07:07 EDT
Description of problem:
Following AVC denied pops up for me when a script in /etc/cron.weekly causes 
output to STDOUT.

type=AVC msg=audit(1211686193.517:13630): avc:  denied  { read write } for  
pid=20139 comm="sendmail" path="socket:[4722163]" dev=sockfs ino=4722163 
type=SYSCALL msg=audit(1211686193.517:13630): arch=40000003 syscall=11 
success=yes exit=0 a0=925b600 a1=925b728 a2=925aaa8 a3=0 items=0 ppid=20136 
pid=20139 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 
tty=(none) ses=2485 comm="sendmail" exe="/usr/sbin/sendmail.sendmail" 
subj=system_u:system_r:system_mail_t:s0-s0:c0.c1023 key=(null)

Version-Release number of selected component (if applicable):

How reproducible:
Everytime, see above.

Actual results:
AVC denied

Expected results:
No AVC denied.
Comment 1 Robert Scheck 2008-05-25 20:33:39 EDT
Sorry, I've to correct myself. The script does something like this which seems
to cause the AVC denieds...

mail("root@localhost", "Some subject", "Some body", "From: root@localhost\n");

So is this AVC correct or not? PHP's mail() calls /usr/sbin/sendmail(.sendmail)
to send this mail then.
Comment 2 Daniel Walsh 2008-05-27 12:26:48 EDT
This looks like a leaked file descriptor from either php or cron.

Probably can be safely ignored.

I take it the mail was sent successfully.
Comment 3 Daniel Walsh 2008-05-27 12:27:21 EDT
Are you using ldap for authentication?
Comment 4 Robert Scheck 2008-05-27 18:00:53 EDT
I'm using no LDAP - anyway either allowed or silenced. In permissive, it is send 
anyway, but I've to much other things currently, that I can't enforce.
Comment 5 Daniel Walsh 2008-05-28 07:03:05 EDT
Ok not sure if it is necessary or not but I will allow it.

Fixed in selinux-policy-3.3.1-56.fc9
Comment 6 Frank Murphy 2008-06-14 07:44:37 EDT
Created attachment 309357 [details]

restorecon -v '/'  
had no effect, avc still going mental as I type alert count up to 180+
Comment 7 Daniel Walsh 2008-06-16 06:45:23 EDT
Frank you have a process that is running as unlabeled_t.  You need to kill and
restart it.  Or reboot the machine,  Not sure how the process lost it's label.
Comment 8 Daniel Walsh 2008-11-17 17:04:08 EST
Closing all bugs that have been in modified for over a month.  Please reopen if the bug is not actually fixed.

Note You need to log in before you can comment on or make changes to this bug.