--- Don Russell <fedora@xxxxxxxxxxxxxxxxxxxxx> wrote:
> I've finally decided to see if I can get rid of all
> my SELinux errors.
> A great help in this was installed the
> setroubleshoot package.
>
> This is on FC7...
>
> I am unable to get rid of the following error
> regarding fetchmail not
> being able to access .fetchmailrc in home
> directories.
>
> I have used the suggested commands to "relabel"
> things... but the error
> messages persist. :-(
>
> What am I missing?
>
> Summary
> SELinux is preventing the /usr/bin/fetchmail from
> using potentially
> mislabeled files (/home/don/.fetchmailrc).
> Detailed Description
> SELinux has denied /usr/bin/fetchmail access to
> potentially mislabeled
> file(s) (/home/don/.fetchmailrc). This means that
> SELinux will not allow
> /usr/bin/fetchmail to use these files. It is common
> for users to edit
> files in their home directory or tmp directories and
> then move (mv) them
> to system directories. The problem is that the files
> end up with the
> wrong file context which confined applications are
> not allowed to access.
> Allowing Access
> If you want /usr/bin/fetchmail to access this files,
> you need to relabel
> them using restorecon -v /home/don/.fetchmailrc. You
> might want to
> relabel the entire directory using restorecon -R -v
> /home/don.
> Additional Information
>
> Source Context: system_u:system_r:fetchmail_t
> Target Context: user_u:object_r:user_home_t
> Target Objects: /home/don/.fetchmailrc [ file ]
> Affected RPM Packages: fetchmail-6.3.7-2.fc7
> [application]
> Policy RPM: selinux-policy-2.6.4-40.fc7
> Selinux Enabled: True
> Policy Type: targeted
> MLS Enabled: True
> Enforcing Mode: Permissive
> Plugin Name: plugins.home_tmp_bad_labels
> Host Name: boris
> Platform: Linux boris 2.6.22.5-76.fc7 #1 SMP Thu
> Aug 30 13:47:21 EDT
> 2007 i686 i686
> Alert Count: 45
> First Seen: Wed Sep 12 22:16:56 2007
> Last Seen: Sat Sep 15 08:36:21 2007
> Local ID: 85646638-60c7-4360-98aa-96a137eb018a
> Line Numbers:
>
> Raw Audit Messages :
>
> avc: denied { getattr } for comm="fetchmail"
> dev=dm-0 egid=500 euid=500
> exe="/usr/bin/fetchmail" exit=0 fsgid=500 fsuid=500
> gid=500 items=0
> name=".fetchmailrc" path="/home/don/.fetchmailrc"
> pid=2969
> scontext=system_u:system_r:fetchmail_t:s0 sgid=500
> subj=system_u:system_r:fetchmail_t:s0 suid=500
> tclass=file
> tcontext=user_u:object_r:user_home_t:s0 tty=(none)
> uid=500
>
>
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe:
> https://www.redhat.com/mailman/listinfo/fedora-list
>
Don,
I am no expert here on selinux, but when I have run
into problems with it, I try the suggestions:
# restorecon -v /home/don/.fetchmailrc.
You might want to
relabel the entire directory using
# restorecon -R -v /home/don.
If this do not work like you are stating, the next
step is to try the two commands as su - SuperUser
Mode:
# touch ./autorelabel
# reboot
and if that does not work check the selinux policy to
see that it is the latest one. Selinux is difficult
many times, but there are some kind users on this list
and the fedora-selinux-list that are very helpful.
You may also read the pages on the Wiki
http://fedoraproject.org/wiki/SELinux
http://fedoraproject.org/wiki/SELinux/Troubleshooting
If you have set the selinux mode to permissive and
then made the respective changes that the
setroubleshoter encouraged you to do and then started
selinux in enforcing mode and you get denied avcs
again, you may need to file a bug report against the
package(s)
fetchmail-6.3.7-2.fc7 or
Policy RPM: selinux-policy-2.6.4-40.fc7
Regards,
Antonio
____________________________________________________________________________________
Need a vacation? Get great deals
to amazing places on Yahoo! Travel.
http://travel.yahoo.com/
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
