Bug 522122 - mls prevents exim settling logfile permissions
Summary: mls prevents exim settling logfile permissions
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-mls
Version: 11
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2009-09-09 14:22 UTC by Robert Story
Modified: 2010-03-04 08:27 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-03-04 08:27:08 UTC



Description Robert Story 2009-09-09 14:22:21 UTC
Description of problem:
mls prevents exim settling logfile permissions

Version-Release number of selected component (if applicable):
selinux-policy-mls-3.6.12-80.fc11.noarch

How reproducible:
always

Steps to Reproduce:
1. install exim
2. start exim
3.
  
Actual results:
avcs

Expected results:
no avcs

Additional info:
I'm not actually running a mail server, so I don't know if they affect exim functionality, but these avcs occur every time I reboot and exim is started...

+ type=AVC msg=audit(1252444939.825:29): avc:  denied  { setattr } for  pid=1733 comm="chown" name="main.log" dev=dm-0 ino=48013 scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:exim_log_t:s0 tclass=file
+ type=AVC msg=audit(1252444939.826:30): avc:  denied  { setattr } for  pid=1733 comm="chown" name="exim" dev=dm-0 ino=35396 scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:exim_log_t:s0 tclass=dir
+ type=AVC msg=audit(1252444939.835:31): avc:  denied  { setattr } for  pid=1733 comm="chown" name="msglog" dev=dm-0 ino=35400 scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:exim_spool_t:s0 tclass=dir
+ type=AVC msg=audit(1252444939.837:32): avc:  denied  { setattr } for  pid=1733 comm="chown" name="input" dev=dm-0 ino=35399 scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:exim_spool_t:s0 tclass=dir
+ type=AVC msg=audit(1252444939.845:33): avc:  denied  { setattr } for  pid=1733 comm="chown" name="db" dev=dm-0 ino=35398 scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:exim_spool_t:s0 tclass=dir
+ type=AVC msg=audit(1252444939.846:34): avc:  denied  { setattr } for  pid=1733 comm="chown" name="exim" dev=dm-0 ino=35397 scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:exim_spool_t:s0 tclass=dir
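
A triage sketch for the denials above, added here as an example and not part of the bug report or of any SELinux tool: it parses the quoted AVC lines and groups them by source type, target type and object class, keeping the MLS range of each context. The function names are this example's own.

```python
import re
from collections import defaultdict

# The six denials quoted in the report above, copied with their "+ " prefix.
SAMPLE = """\
+ type=AVC msg=audit(1252444939.825:29): avc:  denied  { setattr } for  pid=1733 comm="chown" name="main.log" dev=dm-0 ino=48013 scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:exim_log_t:s0 tclass=file
+ type=AVC msg=audit(1252444939.826:30): avc:  denied  { setattr } for  pid=1733 comm="chown" name="exim" dev=dm-0 ino=35396 scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:exim_log_t:s0 tclass=dir
+ type=AVC msg=audit(1252444939.835:31): avc:  denied  { setattr } for  pid=1733 comm="chown" name="msglog" dev=dm-0 ino=35400 scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:exim_spool_t:s0 tclass=dir
+ type=AVC msg=audit(1252444939.837:32): avc:  denied  { setattr } for  pid=1733 comm="chown" name="input" dev=dm-0 ino=35399 scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:exim_spool_t:s0 tclass=dir
+ type=AVC msg=audit(1252444939.845:33): avc:  denied  { setattr } for  pid=1733 comm="chown" name="db" dev=dm-0 ino=35398 scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:exim_spool_t:s0 tclass=dir
+ type=AVC msg=audit(1252444939.846:34): avc:  denied  { setattr } for  pid=1733 comm="chown" name="exim" dev=dm-0 ino=35397 scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:exim_spool_t:s0 tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_context(ctx):
    """Split user:role:type[:range]; an MLS range may itself contain ':'."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {ctx!r}")
    return {"user": parts[0], "role": parts[1], "type": parts[2],
            "range": parts[3] if len(parts) == 4 else None}

def parse_avc(line):
    """Return one denial as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= f.keys():
        return None
    return {"perms": m.group("perms").split(), "comm": f.get("comm"),
            "name": f.get("name"), "tclass": f["tclass"],
            "source": split_context(f["scontext"]),
            "target": split_context(f["tcontext"])}

def summarize(text):
    """Group denials by (source type, target type, class) for triage."""
    groups = defaultdict(lambda: {"perms": set(), "names": [], "ranges": set()})
    for rec in filter(None, map(parse_avc, text.splitlines())):
        g = groups[(rec["source"]["type"], rec["target"]["type"], rec["tclass"])]
        g["perms"].update(rec["perms"])
        g["names"].append(rec["name"])
        g["ranges"].add((rec["source"]["range"], rec["target"]["range"]))
    return dict(groups)

if __name__ == "__main__":
    for (src, tgt, cls), g in summarize(SAMPLE).items():
        print(src, tgt, cls, sorted(g["perms"]), g["names"], sorted(g["ranges"]))
```

The six records collapse to three tuples, each a `setattr` by `initrc_t` at range `s0-s15:c0.c1023` on an object labelled `s0`.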

Comment 1 Daniel Walsh 2009-09-09 21:47:27 UTC
Miroslav, I have these in F12.

mls_file_read_all_levels(initrc_t)
mls_file_write_all_levels(initrc_t)
mls_process_read_up(initrc_t)
mls_process_write_down(initrc_t)
mls_rangetrans_source(initrc_t)
mls_fd_share_all_levels(initrc_t)

Comment 2 Miroslav Grepl 2009-11-06 14:57:39 UTC
Are you still seeing this issue with the current F11 selinux-policy?

Comment 3 Miroslav Grepl 2010-03-04 08:27:08 UTC
I am closing this bug as CURRENTRELEASE. 

Please reopen if the problem still persists.

