Source: procmailSource Path: /usr/bin/procmail Port: <Unknown>Host: bsawebserver Source RPM Packages: procmail-3.22-17.1 Target RPM Packages: Policy RPM: selinux-policy-2.4.6-203.el5 Selinux Enabled: TruePolicy Type: targeted MLS Enabled: True Enforcing Mode: Enforcing Plugin Name: catchall Host Name: bsawebserver Platform: Linux bsawebserver 2.6.18-128.1.10.el5 #1 SMP Wed Apr 29 13:53:08 EDT 2009 x86_64 x86_64 Alert Count: 1 First Seen: Sun 21 Jun 2009 11:59:02 PM MSTLast Seen: Sun 21 Jun 2009 11:59:02 PM MSTLocal ID: cd31d5b8-d7c9-4eb3-b55a-1478486e0b41 Line Numbers: Raw Audit Messages :host=bsawebserver type=AVC msg=audit(1245653942.844:56025): avc: denied { fsetid } for pid=27804 comm="procmail" capability=4 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:procmail_t:s0 tclass=capability host=bsawebserver type=AVC msg=audit(1245653942.844:56025): avc: denied { fsetid } for pid=27804 comm="procmail" capability=4 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:procmail_t:s0 tclass=capability host=bsawebserver type=SYSCALL msg=audit(1245653942.844:56025): arch=c000003e syscall=90 success=yes exit=0 a0=1bbc1310 a1=8180 a2=0 a3=4000 items=0 ppid=27803 pid=27804 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="procmail" exe="/usr/bin/procmail" subj=system_u:system_r:procmail_t:s0 key=(null)
You can add these rules now using # grep avc /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Fixed in selinux-policy-2.4.6-249.el5
This request was evaluated by Red Hat Product Management for inclusion, but this component is not scheduled to be updated in the current Red Hat Enterprise Linux release. If you would like this request to be reviewed for the next minor release, ask your support representative to set the next rhel-x.y flag to "?".
This exception was reviewed and approved for inclusion in RHEL 5.4 Snapshot 3.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-1242.html