Description of problem:
Following AVC denied pops up for me when a script in /etc/cron.weekly causes output to STDOUT.

type=AVC msg=audit(1211686193.517:13630): avc: denied { read write } for pid=20139 comm="sendmail" path="socket:[4722163]" dev=sockfs ino=4722163 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:system_r:system_crond_t:s0-s0:c0.c1023 tclass=unix_stream_socket
type=SYSCALL msg=audit(1211686193.517:13630): arch=40000003 syscall=11 success=yes exit=0 a0=925b600 a1=925b728 a2=925aaa8 a3=0 items=0 ppid=20136 pid=20139 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=(none) ses=2485 comm="sendmail" exe="/usr/sbin/sendmail.sendmail" subj=system_u:system_r:system_mail_t:s0-s0:c0.c1023 key=(null)

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.3.1-55

How reproducible:
Every time, see above.

Actual results:
AVC denied

Expected results:
No AVC denied.
Sorry, I have to correct myself. The script does something like this, which seems to cause the AVC denieds...

#!/usr/bin/php
<?php
mail("root@localhost", "Some subject", "Some body", "From: root@localhost\n");
?>

So is this AVC correct or not? PHP's mail() calls /usr/sbin/sendmail(.sendmail) to send this mail then.
This looks like a leaked file descriptor from either php or cron. Probably can be safely ignored. I take it the mail was sent successfully.
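An added example, not part of the original thread: a small triage heuristic that checks the reported AVC/SYSCALL pair for the usual signature of an inherited descriptor (denial raised during execve, on an anonymous socket or pipe, owned by a different domain). The function names and the three-check rule are assumptions made for illustration, not SELinux tooling.

```python
import re

# Both records are copied from the report above; SYSCALL is trimmed to the fields used.
AVC = ('type=AVC msg=audit(1211686193.517:13630): avc: denied { read write } for '
       'pid=20139 comm="sendmail" path="socket:[4722163]" dev=sockfs ino=4722163 '
       'scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 '
       'tcontext=system_u:system_r:system_crond_t:s0-s0:c0.c1023 '
       'tclass=unix_stream_socket')
SYSCALL = ('type=SYSCALL msg=audit(1211686193.517:13630): arch=40000003 syscall=11 '
           'success=yes exit=0 ppid=20136 pid=20139 comm="sendmail"')

# (arch, syscall number) pairs that mean execve on i386 and x86_64.
EXECVE = {("40000003", "11"), ("c000003e", "59")}
# Permissions a process exercises just by holding an already-open descriptor.
PASSIVE_PERMS = {"read", "write", "append", "getattr", "ioctl"}

def fields(record):
    """Parse key=value pairs, the event serial and the denied permission set."""
    out = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', record)}
    serial = re.search(r'audit\([\d.]+:(\d+)\)', record)
    perms = re.search(r'\{([^}]*)\}', record)
    out["serial"] = serial.group(1) if serial else None
    out["perms"] = set(perms.group(1).split()) if perms else set()
    return out

def domain(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def classify(avc_line, syscall_line):
    avc, sc = fields(avc_line), fields(syscall_line)
    if avc["serial"] != sc["serial"]:
        raise ValueError("records belong to different audit events")
    tclass, path = avc.get("tclass", ""), avc.get("path", "")
    checks = {
        # Descriptors are re-checked when execve enters a new domain.
        "during_execve": (sc.get("arch"), sc.get("syscall")) in EXECVE,
        # socket:[inode] / pipe:[inode] is an anonymous object, not a named file.
        "anonymous_fd": (tclass.endswith("_socket") or tclass == "fifo_file")
                        and path.startswith(("socket:", "pipe:")),
        # Object belongs to another domain and only passive permissions were denied.
        "foreign_owner": domain(avc["scontext"]) != domain(avc["tcontext"])
                         and bool(avc["perms"]) and avc["perms"] <= PASSIVE_PERMS,
    }
    return {"leaked_fd_likely": all(checks.values()), "checks": checks,
            "source": domain(avc["scontext"]), "target": domain(avc["tcontext"])}

if __name__ == "__main__":
    print(classify(AVC, SYSCALL))
```

A match only says the denial fits the inherited-descriptor pattern; whether to allow or dontaudit it is still a policy decision.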
Are you using ldap for authentication?
I'm using no LDAP - anyway either allowed or silenced. In permissive, it is sent anyway, but I have too many other things currently, so I can't enforce.
OK, not sure if it is necessary or not, but I will allow it.

Fixed in selinux-policy-3.3.1-56.fc9
Created attachment 309357
sealerts

restorecon -v '/' had no effect, AVC still going mental as I type; alert count up to 180+
Frank, you have a process that is running as unlabeled_t. You need to kill and restart it. Or reboot the machine. Not sure how the process lost its label.
Closing all bugs that have been in modified for over a month. Please reopen if the bug is not actually fixed.