Bug 997710 - SELinux is preventing deliver (dovecot_deliver_t) "signull" to <Unknown> (dovecot_deliver_t).
Summary: SELinux is preventing deliver (dovecot_deliver_t) "signull" to <Unknown> (dov...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy
Version: 5.8
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Miroslav Grepl
QA Contact: Milos Malik
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-08-16 04:08 UTC by jessicahu
Modified: 2014-09-16 00:29 UTC (History)
3 users (show)

Fixed In Version: selinux-policy-2.4.6-349.el5
Doc Type: Bug Fix
Doc Text:
Due to missing rules in the SELinux policy, SELinux did not allow the dovecot_deliver_t process to send the SIGNULL signal. With this update, the SELinux rules have been modified accordingly and SELinux no longer prevents dovecot_deliver_t from sending SIGNULL.
Clone Of:
Environment:
Last Closed: 2014-09-16 00:29:48 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:1205 0 normal SHIPPED_LIVE selinux-policy bug fix update 2014-09-16 04:16:46 UTC

Description jessicahu 2013-08-16 04:08:36 UTC 
Description of problem:

SELinux message shown as below:

Summary
SELinux is preventing deliver (dovecot_deliver_t) "signull" to <Unknown> (dovecot_deliver_t). 

Detailed Description
[SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.]
SELinux denied access requested by deliver. It is not expected that this access is required by deliver and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. 

Allowing Access
You can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package. 

Additional Information
Source Context:  root:system_r:dovecot_deliver_t
Target Context:  root:system_r:dovecot_deliver_t
Target Objects:  None [ process ]
Source:  deliver
Source Path:  /usr/libexec/dovecot/deliver
Port:  <Unknown>
Host:  (removed)
Source RPM Packages:  dovecot-1.0.7-7.el5 dovecot-1.0.7-7.el5_7.1
Target RPM Packages:  
Policy RPM:  selinux-policy-2.4.6-316.el5 selinux-policy-2.4.6-327.el5 selinux-policy-2.4.6-338.el5
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Permissive
Plugin Name:  catchall
Host Name:  (removed)
Platform:  Linux (removed) 2.6.18-308.16.1.el5xen #1 SMP Tue Oct 2 22:50:05 EDT 2012 x86_64 x86_64
Alert Count:  120
First Seen:  Tue 05 Mar 2013 04:30:55 PM CST
Last Seen:  Fri 16 Aug 2013 10:51:04 AM CST
Local ID:  278dd0ce-a957-4726-a46a-19f2601699e2
Line Numbers:  
Raw Audit Messages :
host=(removed) type=AVC msg=audit(1376621464.231:2655670): avc: denied { signull } for pid=9991 comm="deliver" scontext=root:system_r:dovecot_deliver_t:s0 tcontext=root:system_r:dovecot_deliver_t:s0 tclass=process host=(removed) type=SYSCALL msg=audit(1376621464.231:2655670): arch=c000003e syscall=62 success=yes exit=0 a0=2704 a1=0 a2=0 a3=0 items=0 ppid=9855 pid=9991 auid=0 uid=519 gid=519 euid=519 suid=519 fsuid=519 egid=519 sgid=519 fsgid=519 tty=(none) ses=27 comm="deliver" exe="/usr/libexec/dovecot/deliver" subj=root:system_r:dovecot_deliver_t:s0 key=(null) 

Distributor ID: CentOS
Description:    CentOS release 5.8 (Final)
Comment 1 RHEL Program Management 2014-01-22 16:26:44 UTC 
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.
Comment 6 errata-xmlrpc 2014-09-16 00:29:48 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1205.html
Note You need to log in before you can comment on or make changes to this bug.