Created attachment 310239 [details]
Sendmail Alert Mislabeled Files

This path is strange - I do not know what exactly this should be.

Do you have more information?

Taking these AVC's and applying to Fedora 12 setroubleshoot shows.

Summary:

SELinux is preventing /usr/sbin/sendmail.sendmail access to a leaked
/tmp/.NSPR-AFM-6363-2aabc80fc870.0 (deleted) file descriptor.

Detailed Description:

[sendmail has a permissive type (system_mail_t). This access was not denied.]

SELinux denied access requested by the sendmail command. It looks like this is
either a leaked descriptor or sendmail output was redirected to a file it is not
allowed to access. Leaks usually can be ignored since SELinux is just closing
the leak and reporting the error. The application does not use the descriptor,
so it will run properly. If this is a redirection, you will not get output in
the /tmp/.NSPR-AFM-6363-2aabc80fc870.0 (deleted). You should generate a bugzilla
on selinux-policy, and it will get routed to the appropriate package. You can
safely ignore this avc.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385)

Additional Information:

Source Context                system_u:system_r:system_mail_t:s0
Target Context                system_u:object_r:httpd_tmp_t:s0
Target Objects                /tmp/.NSPR-AFM-6363-2aabc80fc870.0 (deleted) [
                              file ]
Source                        sendmail
Source Path                   /usr/sbin/sendmail.sendmail
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           sendmail-8.14.3-8.fc12
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.32-33.fc12
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   leaks
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.31.1-48.fc12.x86_64 #1 SMP Fri Sep 25 16:57:40
                              EDT 2009 x86_64 x86_64
Alert Count                   1
First Seen                    Mon Jun 23 15:40:27 2008
Last Seen                     Mon Jun 23 15:40:27 2008
Local ID                      d97e260c-b582-4acd-8013-265954378cba
Line Numbers                  1, 2, 4

Raw Audit Messages            

type=AVC msg=audit(1214250027.124:570): avc:  denied  { read write } for  pid=32570 comm="sendmail" path=2F746D702F2E4E5350522D41464D2D363336332D3261616263383066633837302E30202864656C6574656429 dev=dm-2 ino=98310 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:httpd_tmp_t:s0 tclass=file 

type=AVC msg=audit(1214250027.124:570): avc:  denied  { read } for  pid=32570 comm="sendmail" path="eventpoll:[347445]" dev=eventpollfs ino=347445 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=file

type=SYSCALL msg=audit(1214250027.124:570): arch=c000003e syscall=59 success=yes exit=0 a0=18357d70 a1=18357de0 a2=18356d00 a3=3 items=0 ppid=15844 pid=32570 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=51 sgid=51 fsgid=51 tty=(none) ses=4294967295 comm="sendmail" exe="/usr/sbin/sendmail.sendmail" subj=system_u:system_r:system_mail_t:s0 key=(null)

This is not a sendmail or an selinux policy bug.

This indicates that the apache scripts/modules you are using a leaking files to the sendmail program.  You can safely ignore these errors, since SELinux will close the access.  If you want to allow the access you can use audit2allow  to generate a policy module.

# grep sendmail /var/log/audit/audit.log | audit2allow -m mysendmail
# semodule -i mysendmail.pp


I can not tell from the AVC which apache module is leaking the descriptors, but you should report this as a bug to those apps to close the descriptors on exec.

fcntl(fd, F_SETFD, FD_CLOEXEC)