Summary: SELinux is preventing sendmail "write" access on /var/spool/fcron/fcr-8yxZH1 (deleted). Detailed Description: SELinux denied access requested by sendmail. It is not expected that this access is required by sendmail and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:system_mail_t:SystemLow- SystemHigh Target Context system_u:object_r:cron_spool_t:SystemLow Target Objects /var/spool/fcron/fcr-8yxZH1 (deleted) [ file ] Source sendmail Source Path sendmail Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.7.19-23.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.33.5-124.fc13.i686.PAE #1 SMP Fri Jun 11 09:42:24 UTC 2010 i686 i686 Alert Count 1 First Seen Wed 16 Jun 2010 08:00:02 PM EDT Last Seen Wed 16 Jun 2010 08:00:02 PM EDT Local ID 7512fe4d-1b09-4807-a984-a3e091f113d2 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1276732802.274:202): avc: denied { write } for pid=19134 comm="sendmail" path=2F7661722F73706F6F6C2F6663726F6E2F6663722D3879785A4831202864656C6574656429 dev=sda7 ino=729089 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cron_spool_t:s0 tclass=file Hash String generated from catchall,sendmail,system_mail_t,cron_spool_t,file,write audit2allow suggests: #============= system_mail_t ============== allow system_mail_t cron_spool_t:file write;
I am not certain where to post this - but you cannot pull down seedit using yum because it is considered in conflict with the targeted, ML, etc policies. This interferes in bug hunting on selinux.( I had to pull down the rpm and install it as an archive ).
seedit is not a package you should be installing. This looks like a redirection of stdout which is being denied Miroslav, Add cron_rw_inherited_user_spool_files(system_mail_t) to mta.te
Fixed in selinux-policy-3.7.19-31.fc13.
selinux-policy-3.7.19-33.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-33.fc13
selinux-policy-3.7.19-33.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-33.fc13
selinux-policy-3.7.19-33.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.