Summary:

SELinux is preventing /usr/bin/perl "entrypoint" access on /usr/sbin/exim.

Detailed Description:

SELinux denied access requested by logwatch. It is not expected that this access
is required by logwatch and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
Target Context                system_u:object_r:exim_exec_t:s0
Target Objects                /usr/sbin/exim [ file ]
Source                        logwatch
Source Path                   /usr/bin/perl
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           perl-5.12.1-128.fc14
Target RPM Packages           exim-4.71-4.fc14
Policy RPM                    selinux-policy-3.8.8-3.fc14
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.35-0.55.rc6.git0.fc14.x86_64 #1 SMP Thu Jul 22 20:03:51 UTC 2010 x86_64 x86_64
Alert Count                   1
First Seen                    Sat 24 Jul 2010 03:13:05 IST
Last Seen                     Sat 24 Jul 2010 03:13:05 IST
Local ID                      ffec2b3d-802b-4d59-b4c0-3ac5a143b61e
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1279937585.890:25894): avc: denied { entrypoint } for pid=4588 comm="logwatch" path="/usr/sbin/exim" dev=dm-3 ino=54641 scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:exim_exec_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1279937585.890:25894): arch=c000003e syscall=59 success=no exit=-13 a0=7fff5e50c2b4 a1=1b9f720 a2=1b9ec20 a3=7fee14aed0d0 items=0 ppid=4541 pid=4588 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=7 comm="logwatch" exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null)

Hash String generated from catchall,logwatch,logwatch_mail_t,exim_exec_t,file,entrypoint

audit2allow suggests:

#============= logwatch_mail_t ==============
allow logwatch_mail_t exim_exec_t:file entrypoint;

Fixed in selinux-policy-3.8.8-6.fc14

Miroslav, we are going to need this fix in F13 also.

allow $2 mta_exec_type:file entrypoint;

added to mta_sendmail_domtrans

Added to selinux-policy-3.7.19-41.fc13.