-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Steven Stern wrote: > For two days, I've been receiving notices from setroubleshooter about > sendmail and "unknown file". Today, after the pam update, I rebooted > and saw sendmail fail to start due to a problem with "services". > > Feb 26 06:55:50 sds-desk setroubleshoot: #012 SELinux is preventing > the /usr/sbin/sendmail.sendmail from using potentially mislabeled files > (<Unknown>).#012 > > Feb 26 07:04:35 sds-desk setroubleshoot: #012 SELinux is preventing > the /usr/sbin/sendmail.sendmail from using potentially mislabeled files > (/etc/services).#012 > > I used > > ~ grep sendmail /var/log/audit/audit.log | audit2allow -M sendmail > > to generate a policy to fix this. Was this the right thing to do? And > what caused sendmail and selinux to suddenly have a problem? > > sendmail.te: > > module sendmail 1.0; > > require { > ~ type initrc_tmp_t; > ~ type rpm_script_tmp_t; > ~ type system_mail_t; > ~ type unconfined_home_t; > ~ type sendmail_t; > ~ type unconfined_home_dir_t; > ~ type var_t; > ~ class process setrlimit; > ~ class dir { getattr search }; > ~ class file { write getattr read ioctl }; > } > > #============= sendmail_t ============== > allow sendmail_t initrc_tmp_t:file { read write getattr ioctl }; > allow sendmail_t rpm_script_tmp_t:file read; > allow sendmail_t self:process setrlimit; > allow sendmail_t unconfined_home_dir_t:dir { getattr search }; > allow sendmail_t unconfined_home_t:file { read getattr }; > allow sendmail_t var_t:file { read write }; > > #============= system_mail_t ============== > allow system_mail_t rpm_script_tmp_t:file read; > > I think your problem is you have a badly labeled /etc/services file. restorecon /etc/services vmware has a bug in there postinstall script that screws up the labeling of /etc/services. I am not sure of your other changes so could you please attach the audit.log file that you used to generate this policy. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkfEFhIACgkQrlYvE4MpobPOtwCg5XO78Qdwual6RQNWJ+xNJvAM hJ4An29saOATJ24LvaT04GA0RDWSRGYR =Aa6e -----END PGP SIGNATURE----- -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list