Zusammenfassung: SELinux is preventing fetchmail (fetchmail_t) "read" to sh (bin_t). Detaillierte Beschreibung: SELinux denied access requested by fetchmail. It is not expected that this access is required by fetchmail and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Zugriff erlauben: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for sh, restorecon -v 'sh' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Zusätzliche Informationen: Quellkontext system_u:system_r:fetchmail_t:s0 Zielkontext system_u:object_r:bin_t:s0 Zielobjekte sh [ lnk_file ] Quelle fetchmail Quellen-Pfad /usr/bin/fetchmail Port <Unbekannt> Host (removed) Quellen-RPM-Pakete fetchmail-6.3.8-8.fc10 Ziel-RPM-Pakete RPM-Richtlinie selinux-policy-3.5.13-55.fc10 SELinux aktiviert True Richtlinienversion targeted Enforcing-Modus Enforcing Plugin-Name catchall_file Hostname (removed) Plattform Linux idpc07 2.6.27.21-170.2.56.fc10.x86_64 #1 SMP Mon Mar 23 23:08:10 EDT 2009 x86_64 x86_64 Anzahl der Alarme 1 Zuerst gesehen Fr 17 Apr 2009 16:16:04 CEST Zuletzt gesehen Fr 17 Apr 2009 16:16:04 CEST Lokale ID 8dc5dedd-a168-4f04-ac98-8867c302d180 Zeilennummern Raw-Audit-Meldungen node=idpc07 type=AVC msg=audit(1239977764.157:31): avc: denied { read } for pid=5840 comm="fetchmail" name="sh" dev=dm-0 ino=3416067 scontext=system_u:system_r:fetchmail_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file node=idpc07 type=SYSCALL msg=audit(1239977764.157:31): arch=c000003e syscall=59 success=no exit=-13 a0=3e77538b8a a1=7fffe2c6c460 a2=7fffe2c6c6b0 a3=8 items=0 ppid=5839 pid=5840 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fetchmail" exe="/usr/bin/fetchmail" subj=system_u:system_r:fetchmail_t:s0 key=(null) Hash String generated from selinux-policy-3.5.13-55.fc10,catchall_file,fetchmail,fetchmail_t,bin_t,lnk_file,read audit2allow suggests: #============= fetchmail_t ============== #!!!! This avc is allowed in the current policy allow fetchmail_t bin_t:lnk_file read;
*** This bug has been marked as a duplicate of bug 538428 ***