Hide Forgot
SELinux is preventing /usr/sbin/sendmail.sendmail from 'connectto' accesses on the unix_stream_socket /var/run/saslauthd/mux. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that sendmail.sendmail should be allowed connectto access on the mux unix_stream_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep sendmail /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:sendmail_t:s0 Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Objects /var/run/saslauthd/mux [ unix_stream_socket ] Source sendmail Source Path /usr/sbin/sendmail.sendmail Port <Unknown> Host (removed) Source RPM Packages sendmail-8.14.5-1.fc15 Target RPM Packages Policy RPM selinux-policy-3.9.16-34.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 2.6.38.8-35.fc15.x86_64 #1 SMP Wed Jul 6 13:58:54 UTC 2011 x86_64 x86_64 Alert Count 2 First Seen Mon 25 Jul 2011 02:36:56 PM CEST Last Seen Mon 25 Jul 2011 02:38:22 PM CEST Local ID 51c3e935-efe3-484e-b434-f2df8d16fec7 Raw Audit Messages type=AVC msg=audit(1311597502.646:164): avc: denied { connectto } for pid=7390 comm="sendmail" path="/var/run/saslauthd/mux" scontext=system_u:system_r:sendmail_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket type=SYSCALL msg=audit(1311597502.646:164): arch=x86_64 syscall=connect success=yes exit=0 a0=5 a1=7fff2776c370 a2=6e a3=7fff27769c40 items=0 ppid=7156 pid=7390 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=(none) ses=4294967295 comm=sendmail exe=/usr/sbin/sendmail.sendmail subj=system_u:system_r:sendmail_t:s0 key=(null) Hash: sendmail,sendmail_t,unconfined_t,unix_stream_socket,connectto audit2allow #============= sendmail_t ============== allow sendmail_t unconfined_t:unix_stream_socket connectto; audit2allow -R #============= sendmail_t ============== allow sendmail_t unconfined_t:unix_stream_socket connectto;
Probably not a bug. It happens only if saslauthd is run from the console (e.g. in debug mode). If ran from initscript, everything is OK.
Yes. If you need to run a daemon by hand (for example in the debug mode) and you would like to be fine with SELinux then you can using runcon -u system_u -r system_r -t initrc_t -- runcon -t saslauthd_t -- saslauthd I had a blog talking about this, but the website is gone. Need to move it.