exim: SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a recently installed/patched F11 system.  It was a fresh
install to one disk leaving my home directory untouched on another
disk.  Today, I installed exim and removed sendmail via yum at the
command line.  I am using the same exim.conf file that I had used with
F10 after having compared it to the original one.  I am now receiving
the following message when I attempt to retrieve mail from my ISP:
Jul 12 14:26:36 flinux setroubleshoot: SELinux is preventing exim
(exim_t) "getattr" boot_t. For complete SELinux messages. run sealert
-l e699bb55-c0dc-4bbf-a57e-3d82d6dadcad


sealert -l e699bb55-c0dc-4bbf-a57e-3d82d6dadcad
Summary:

SELinux is preventing exim (exim_t) "getattr" boot_t.

Detailed Description:

SELinux denied access requested by exim. It is not expected that this access is
required by exim and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                unconfined_u:system_r:exim_t:s0
Target Context                system_u:object_r:boot_t:s0
Target Objects                /boot [ dir ]
Source                        exim
Source Path                   /usr/sbin/exim
Port                          <Unknown>
Host                          flinux
Source RPM Packages           exim-4.69-10.fc11
Target RPM Packages           filesystem-2.4.21-1.fc11
Policy RPM                    selinux-policy-3.6.12-62.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     flinux
Platform                      Linux flinux 2.6.29.5-191.fc11.i686.PAE #1 SMP Tue
                              Jun 16 23:19:53 EDT 2009 i686 athlon
Alert Count                   289
First Seen                    Sun Jul 12 14:22:12 2009
Last Seen                     Sun Jul 12 14:23:53 2009
Local ID                      e699bb55-c0dc-4bbf-a57e-3d82d6dadcad
Line Numbers

Raw Audit Messages

node=flinux type=AVC msg=audit(1247433833.210:331): avc:  denied  {
getattr } for  pid=2508 comm="exim" path="/boot" dev=sda1 ino=2
scontext=unconfined_u:system_r:exim_t:s0
tcontext=system_u:object_r:boot_t:s0 tclass=dir

node=flinux type=SYSCALL msg=audit(1247433833.210:331): arch=40000003
syscall=195 success=no exit=-13 a0=bfa2e2c2 a1=bfa2e6b8 a2=b7dbfff4
a3=0 items=0 ppid=2447 pid=2508 auid=500 uid=93 gid=93 euid=93 suid=93
fsuid=93 egid=93 sgid=93 fsgid=93 tty=(none) ses=1 comm="exim"
exe="/usr/sbin/exim" subj=unconfined_u:system_r:exim_t:s0 key=(null)


Any thoughts/suggestions?

Thanks,
Frank

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux