I get these messages regularly:
Jul 15 03:31:15 lx121e rsyslogd[602]: [origin software="rsyslogd"
swVersion="8.36.0" x-pid="602" x-info="http://www.rsyslog.com";] rsyslogd
was HUPed
Jul 15 03:31:17 lx121e setroubleshoot[5780]: SELinux is preventing
mktemp from write access on the directory .esmtp_queue. For complete
SELinux messages run: sealert -l 769bacbf-0a48-48cf-8c93-27360ffcfdda
Jul 15 03:31:17 lx121e python3[5780]: SELinux is preventing mktemp from
write access on the directory .esmtp_queue.#012#012***** Plugin catchall
(100. confidence) suggests **************************#012#012If you
believe that mktemp should be allowed write access on the .esmtp_queue
directory by default.#012Then you should report this as a bug.#012You
can generate a local policy module to allow this access.#012Do#012allow
this access for now by executing:#012# ausearch -c 'mktemp' --raw |
audit2allow -M my-mktemp#012# semodule -X 300 -i my-mktemp.pp#012
Running sealert I get:
# sealert -l 769bacbf-0a48-48cf-8c93-27360ffcfdda
SELinux is preventing mktemp from write access on the directory
.esmtp_queue.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that mktemp should be allowed write access on the
.esmtp_queue directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'mktemp' --raw | audit2allow -M my-mktemp
# semodule -X 300 -i my-mktemp.pp
Additional Information:
Source Context system_u:system_r:logwatch_t:s0-s0:c0.c1023
Target Context system_u:object_r:mail_home_rw_t:s0
Target Objects .esmtp_queue [ dir ]
Source mktemp
Source Path mktemp
Port <Unknown>
Host lx121e.htt-consult.com
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.14.1-32.fc28.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name lx121e.htt-consult.com
Platform Linux lx121e.htt-consult.com
4.17.5-200.fc28.x86_64 #1 SMP Tue Jul 10
13:39:04
UTC 2018 x86_64 x86_64
Alert Count 42
First Seen 2018-05-28 03:17:06 EDT
Last Seen 2018-07-15 03:31:07 EDT
Local ID 769bacbf-0a48-48cf-8c93-27360ffcfdda
Raw Audit Messages
type=AVC msg=audit(1531639867.455:322): avc: denied { write } for
pid=5645 comm="mktemp" name=".esmtp_queue" dev="sda3" ino=1450925
scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023
tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=0
Hash: mktemp,logwatch_t,mail_home_rw_t,dir,write
One would think that the logwatch install should have done the necessary
SELinux setup?
Or is this some other SELinux problem?
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx/message/EUO7BGTNNBK6ZUTZ7QKA6525X2GNZGHD/
