Bug 492546 - When hoststat stuff in sendmail.mc is enabled SELinux is preventing sendmail (sendmail_t) "create" to ./wijakoers. (mqueue_spool_t).
When hoststat stuff in sendmail.mc is enabled SELinux is preventing sendmail ...
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
10
All Linux
low Severity high
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-03-27 07:56 EDT by Eddie Lania
Modified: 2009-04-08 04:13 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-08 04:13:08 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
sealert output. (2.98 KB, text/plain)
2009-03-27 07:58 EDT, Eddie Lania
no flags Details

  None (edit)
Description Eddie Lania 2009-03-27 07:56:39 EDT
Description of problem: When hoststat stuff in sendmail.mc is enabled: SELinux is preventing sendmail (sendmail_t) "create" to ./wijakoers. (mqueue_spool_t).

Version-Release number of selected component (if applicable):
[root@ls2ka mail]# rpm -qa |grep sendmail
sendmail-doc-8.14.3-3.fc10.i386
sendmail-cf-8.14.3-3.fc10.i386
sendmail-devel-8.14.3-3.fc10.i386
sendmail-8.14.3-3.fc10.i386
clamav-milter-sendmail-0.94.2-1.fc10.i386
[root@ls2ka mail]# rpm -qa |grep selinux
selinux-policy-targeted-3.5.13-49.fc10.noarch
selinux-policy-3.5.13-49.fc10.noarch
libselinux-2.0.78-1.fc10.i386
libselinux-utils-2.0.78-1.fc10.i386
libselinux-python-2.0.78-1.fc10.i386
[root@ls2ka mail]#


How reproducible:
Enable the hoststat option in sendmail.

Steps to Reproduce:
1. Install sendmail and sendmail-cf

2. Configure the hoststat stuff in sendmail.mc:

dnl Use the host status stuff, so we don't spend time trying to send to hosts that have
dnl already given us a problem
define(`confHOST_STATUS_DIRECTORY', `.hoststat')dnl
define(`confTO_HOSTSTATUS', `30m')dnl
dnl
define(`confSINGLE_THREAD_DELIVERY', `True')dnl
dnl

3. Start sendmail and observe SELinux logging messages like below.
  
Actual results: Denials like: SELinux is preventing sendmail (sendmail_t) "create" to ./wijakoers. (mqueue_spool_t). For complete SELinux messages. run sealert -l 7bb0373f-b218-488d-be1a-ba27e9c7912b


Expected results:

To not have the .hoststat directory giving these SELinux problems.


Additional info:
Comment 1 Eddie Lania 2009-03-27 07:58:07 EDT
Created attachment 336995 [details]
sealert output.
Comment 2 Miroslav Grepl 2009-03-27 08:19:42 EDT
Dan,

it looks like we should add this pattern to mta_manage_queue interface:

manage_dirs_pattern($1, mqueue_spool_t, mqueue_spool_t)
Comment 3 Daniel Walsh 2009-03-27 09:35:35 EDT
Yes sounds correct.
Comment 4 Miroslav Grepl 2009-03-30 12:27:35 EDT
Fixed in selinux-policy-3.5.13-54.fc10
Comment 5 Eddie Lania 2009-04-08 04:11:48 EDT
It works here, thank you.

Note You need to log in before you can comment on or make changes to this bug.