Hide Forgot
SELinux is preventing /usr/bin/uux from 'read' accesses on the fifo_file fifo_file. I believe this happens when postfix passes mail supposed to be sent over UUCP to uux, cf. the changes needed for local delivery to dovecot_t in 3.9.13-6: ... - Allow dovecot_deliver_t to read/write postfix_master_t:fifo_file. * These fifo_file is passed from postfix_master_t to postfix_local_t to dovecot_deliver_t ... ***** Plugin leaks (50.5 confidence) suggests ****************************** If you want to ignore uux trying to read access the fifo_file fifo_file, because you believe it should not need this access. Then you should report this as a bug. You can generate a local policy module to dontaudit this access. Do # grep /usr/bin/uux /var/log/audit/audit.log | audit2allow -D -M mypol # semodule -i mypol.pp ***** Plugin catchall (50.5 confidence) suggests *************************** If you believe that uux should be allowed read access on the fifo_file fifo_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep uux /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:uux_t:s0 Target Context system_u:system_r:postfix_master_t:s0 Target Objects fifo_file [ fifo_file ] Source uux Source Path /usr/bin/uux Port <Unknown> Host (removed) Source RPM Packages uucp-1.07-25.fc15 Target RPM Packages Policy RPM selinux-policy-3.9.16-24.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 2.6.38.6-27.fc15.x86_64 #1 SMP Sun May 15 17:23:28 UTC 2011 x86_64 x86_64 Alert Count 12 First Seen Mon 30 May 2011 01:33:54 PM CEST Last Seen Thu 02 Jun 2011 12:31:44 AM CEST Local ID 054b7b75-af13-4c81-bfba-1d78d6e75725 Raw Audit Messages type=AVC msg=audit(1306967504.0:7864): avc: denied { read } for pid=20218 comm="uux" path="pipe:[21477]" dev=pipefs ino=21477 scontext=system_u:system_r:uux_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=fifo_file type=AVC msg=audit(1306967504.0:7864): avc: denied { write } for pid=20218 comm="uux" path="pipe:[21477]" dev=pipefs ino=21477 scontext=system_u:system_r:uux_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1306967504.0:7864): arch=x86_64 syscall=execve success=yes exit=0 a0=7fff24415005 a1=7fdbff4fc7c0 a2=7fdbff4fc8c0 a3=7fff24414e40 items=0 ppid=20217 pid=20218 auid=4294967295 uid=10 gid=14 euid=10 suid=10 fsuid=10 egid=14 sgid=14 fsgid=14 tty=(none) ses=4294967295 comm=uux exe=/usr/bin/uux subj=system_u:system_r:uux_t:s0 key=(null) Hash: uux,uux_t,postfix_master_t,fifo_file,read audit2allow #============= uux_t ============== allow uux_t postfix_master_t:fifo_file { read write }; audit2allow -R #============= uux_t ============== allow uux_t postfix_master_t:fifo_file { read write };
Oh, I meant to file this against F-15, but setrubleshoot seems to have files this against Rawhide behind my back ;-), do you want a new bug for that?
I will add it there also. will be in next update.
Thanks!