--- Don Russell <fedora@xxxxxxxxxxxxxxxxxxxxx> wrote: > I've finally decided to see if I can get rid of all > my SELinux errors. > A great help in this was installed the > setroubleshoot package. > > This is on FC7... > > I am unable to get rid of the following error > regarding fetchmail not > being able to access .fetchmailrc in home > directories. > > I have used the suggested commands to "relabel" > things... but the error > messages persist. :-( > > What am I missing? > > Summary > SELinux is preventing the /usr/bin/fetchmail from > using potentially > mislabeled files (/home/don/.fetchmailrc). > Detailed Description > SELinux has denied /usr/bin/fetchmail access to > potentially mislabeled > file(s) (/home/don/.fetchmailrc). This means that > SELinux will not allow > /usr/bin/fetchmail to use these files. It is common > for users to edit > files in their home directory or tmp directories and > then move (mv) them > to system directories. The problem is that the files > end up with the > wrong file context which confined applications are > not allowed to access. > Allowing Access > If you want /usr/bin/fetchmail to access this files, > you need to relabel > them using restorecon -v /home/don/.fetchmailrc. You > might want to > relabel the entire directory using restorecon -R -v > /home/don. > Additional Information > > Source Context: system_u:system_r:fetchmail_t > Target Context: user_u:object_r:user_home_t > Target Objects: /home/don/.fetchmailrc [ file ] > Affected RPM Packages: fetchmail-6.3.7-2.fc7 > [application] > Policy RPM: selinux-policy-2.6.4-40.fc7 > Selinux Enabled: True > Policy Type: targeted > MLS Enabled: True > Enforcing Mode: Permissive > Plugin Name: plugins.home_tmp_bad_labels > Host Name: boris > Platform: Linux boris 2.6.22.5-76.fc7 #1 SMP Thu > Aug 30 13:47:21 EDT > 2007 i686 i686 > Alert Count: 45 > First Seen: Wed Sep 12 22:16:56 2007 > Last Seen: Sat Sep 15 08:36:21 2007 > Local ID: 85646638-60c7-4360-98aa-96a137eb018a > Line Numbers: > > Raw Audit Messages : > > avc: denied { getattr } for comm="fetchmail" > dev=dm-0 egid=500 euid=500 > exe="/usr/bin/fetchmail" exit=0 fsgid=500 fsuid=500 > gid=500 items=0 > name=".fetchmailrc" path="/home/don/.fetchmailrc" > pid=2969 > scontext=system_u:system_r:fetchmail_t:s0 sgid=500 > subj=system_u:system_r:fetchmail_t:s0 suid=500 > tclass=file > tcontext=user_u:object_r:user_home_t:s0 tty=(none) > uid=500 > > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: > https://www.redhat.com/mailman/listinfo/fedora-list > Don, I am no expert here on selinux, but when I have run into problems with it, I try the suggestions: # restorecon -v /home/don/.fetchmailrc. You might want to relabel the entire directory using # restorecon -R -v /home/don. If this do not work like you are stating, the next step is to try the two commands as su - SuperUser Mode: # touch ./autorelabel # reboot and if that does not work check the selinux policy to see that it is the latest one. Selinux is difficult many times, but there are some kind users on this list and the fedora-selinux-list that are very helpful. You may also read the pages on the Wiki http://fedoraproject.org/wiki/SELinux http://fedoraproject.org/wiki/SELinux/Troubleshooting If you have set the selinux mode to permissive and then made the respective changes that the setroubleshoter encouraged you to do and then started selinux in enforcing mode and you get denied avcs again, you may need to file a bug report against the package(s) fetchmail-6.3.7-2.fc7 or Policy RPM: selinux-policy-2.6.4-40.fc7 Regards, Antonio ____________________________________________________________________________________ Need a vacation? Get great deals to amazing places on Yahoo! Travel. http://travel.yahoo.com/ -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list