SELinux is preventing /usr/sbin/sendmail.sendmail from 'read' accesses on the file /tmp/.NSPR-AFM-1910-7ff497ea2290.0 (deleted). ***** Plugin catchall (100. confidence) suggests *************************** If you believe that sendmail.sendmail should be allowed read access on the .NSPR-AFM-1910-7ff497ea2290.0 (deleted) file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep /usr/sbin/sendmail.sendmail /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:system_mail_t:s0 Target Context system_u:object_r:httpd_tmp_t:s0 Target Objects /tmp/.NSPR-AFM-1910-7ff497ea2290.0 (deleted) [ file ] Source sendmail Source Path /usr/sbin/sendmail.sendmail Port <Unknown> Host (removed) Source RPM Packages sendmail-8.14.4-10.fc14 Target RPM Packages Policy RPM selinux-policy-3.9.7-18.fc14 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 2.6.35.10-72.fc14.x86_64 #1 SMP Mon Dec 20 21:14:22 UTC 2010 x86_64 x86_64 Alert Count 1 First Seen Mon 27 Dec 2010 03:00:23 PM EET Last Seen Mon 27 Dec 2010 03:00:23 PM EET Local ID 457842f7-4e18-4754-ac18-6df52a716c8b Raw Audit Messages type=AVC msg=audit(1293454823.329:486): avc: denied { read } for pid=5529 comm="sendmail" path=2F746D702F2E4E5350522D41464D2D313931302D3766663439376561323239302E30202864656C6574656429 dev=dm-0 ino=1439018 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:httpd_tmp_t:s0 tclass=file sendmail,system_mail_t,httpd_tmp_t,file,read type=SYSCALL msg=audit(1293454823.329:486): arch=x86_64 syscall=execve success=yes exit=0 a0=ffbe60 a1=ffbf40 a2=ffab10 a3=38 items=0 ppid=2180 pid=5529 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=51 sgid=51 fsgid=51 tty=(none) ses=4294967295 comm=sendmail exe=/usr/sbin/sendmail.sendmail subj=system_u:system_r:system_mail_t:s0 key=(null) sendmail,system_mail_t,httpd_tmp_t,file,read #============= system_mail_t ============== allow system_mail_t httpd_tmp_t:file read;
The email has arrived but I don't know what postfix is doing ?
This looks like a leak from httpd. Miroslav add apache_dontaudit_rw_tmp_files(system_mail_t)
Yes, it looks like a leak Fixed in selinux-policy-3.9.7-20.fc14
selinux-policy-3.9.7-20.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-20.fc14
selinux-policy-3.9.7-20.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-20.fc14
selinux-policy-3.9.7-20.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.