On 5/9/20 9:45 PM, Sam Varshavchik wrote:
Raw Audit Messages
type=AVC msg=audit(1589082060.526:1156): avc: denied { signal } for
pid=672912 comm="courierlogger"
scontext=unconfined_u:unconfined_r:system_mail_t:s0-s0:c0.c1023
tcontext=system_u:system_r:unconfined_service_t:s0 tclass=process
permissive=0
I've filed bug reports on this in the past, but only successfully got
the bug fixed in RHEL:
https://bugzilla.redhat.com/show_bug.cgi?id=1161812
The problem isn't that rpm scripts run in a confined domain, but that
"courierlogger" is labelled, and transitions to that domain whenever it
is run. The solution is to label courier binaries as "bin_t" so they
aren't confined (until someone provides a policy for Courier).
Maybe file another bug and refer to the one above.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
