Bug 801459 - new files in /var/mail are created with quota_db_t context instead of mail_spool_t context
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy
Version: 7.0
Hardware: All
OS: Linux
medium
high
Target Milestone: beta
Assignee: Daniel Walsh
QA Contact: Milos Malik
 
Reported: 2012-03-08 15:25 UTC by Ales Zelinka
Modified: 2015-02-19 09:07 UTC (History)

Doc Type: Bug Fix
Last Closed: 2012-03-08 15:45:29 UTC

Description Ales Zelinka 2012-03-08 15:25:16 UTC
Description of problem:
New files in /var/mail/ are created with object_r:quota_db_t context instead of object_r:mail_spool_t. Mail to these users then gets bounced.

$ useradd someuser
$ ls -laZ /var/mail/
drwxrwxr-x. root     mail system_u:object_r:mail_spool_t:s0 .
drwxr-xr-x. root     root system_u:object_r:var_spool_t:s0 ..
-rw-------. root     mail system_u:object_r:mail_spool_t:s0 root
-rw-rw----. rpc      mail system_u:object_r:mail_spool_t:s0 rpc
-rw-rw----. someuser mail unconfined_u:object_r:quota_db_t:s0 someuser
-rw-rw----. test     mail system_u:object_r:mail_spool_t:s0 test


restorecon fixes the issue:

$ restorecon -Rv /var/mail/
restorecon reset /var/spool/mail/someuser context unconfined_u:object_r:quota_db_t:s0->unconfined_u:object_r:mail_spool_t:s0
$ ls -laZ /var/mail/
drwxrwxr-x. root     mail system_u:object_r:mail_spool_t:s0 .
drwxr-xr-x. root     root system_u:object_r:var_spool_t:s0 ..
-rw-r--r--. root     root unconfined_u:object_r:mail_spool_t:s0 newfile
-rw-------. root     mail system_u:object_r:mail_spool_t:s0 root
-rw-rw----. rpc      mail system_u:object_r:mail_spool_t:s0 rpc
-rw-rw----. someuser mail unconfined_u:object_r:mail_spool_t:s0 someuser
-rw-rw----. test     mail system_u:object_r:mail_spool_t:s0 test



Version-Release number of selected component (if applicable):
selinux-policy-3.10.0-56.el7.noarch
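
A read-only check for the mislabeling described above, as an added example that is not part of the original report: it parses `ls -laZ` output and lists every spool entry whose SELinux type is not mail_spool_t. The names find_mislabeled, sample_listing and EXPECTED_TYPE are assumptions made for this example, and the sample input is the first listing from the description.

```shell
#!/bin/sh
# Added example (not from the bug report): flag mail spool entries whose
# SELinux type differs from the expected one, without relabeling anything.
# find_mislabeled, sample_listing and EXPECTED_TYPE are illustrative names.
EXPECTED_TYPE="mail_spool_t"

# Reads `ls -laZ` output on stdin; prints "<name> <type>" per mismatch.
find_mislabeled() {
    awk -v want="$EXPECTED_TYPE" '
    {
        ctx = ""
        # The context column position differs between ls versions, so find
        # the field shaped like user:role:type:level instead of assuming $4.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[^:]+:[^:]+:[^:]+:/) { ctx = $i; break }
        name = $NF
        # Skip lines without a context and the directory entries themselves
        # (".." is legitimately var_spool_t).
        if (ctx == "" || name == "." || name == "..") next
        split(ctx, part, ":")
        if (part[3] != want) print name, part[3]
    }'
}

# Sample input: the listing taken right after useradd in the description.
sample_listing() {
cat <<'EOF'
drwxrwxr-x. root     mail system_u:object_r:mail_spool_t:s0 .
drwxr-xr-x. root     root system_u:object_r:var_spool_t:s0 ..
-rw-------. root     mail system_u:object_r:mail_spool_t:s0 root
-rw-rw----. rpc      mail system_u:object_r:mail_spool_t:s0 rpc
-rw-rw----. someuser mail unconfined_u:object_r:quota_db_t:s0 someuser
-rw-rw----. test     mail system_u:object_r:mail_spool_t:s0 test
EOF
}

# Live use on an SELinux host: ls -laZ /var/mail/ | find_mislabeled
sample_listing | find_mislabeled
```

On a live system the same function can be fed from `ls -laZ /var/mail/`; any name it prints is a candidate for the `restorecon` run shown in the description.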

Comment 1 Daniel Walsh 2012-03-08 15:45:29 UTC
This is fixed in the latest selinux policy in F17 which is what I wish you were testing, rather than something that has been fixed in F16 for quite a while.

