Jeremy Ardley wrote:
Daniel J Walsh wrote:
Feb 25 05:01:08 mail kernel: audit(1109278868.985:0): avc: denied
{ search } for pid=9813 exe=/usr/sbin/sendmail.postfix name=postfix
dev=dm-0 ino=4032524 scontext=user_u:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
Could you run one more test.
Run setenforce 0
and then try to use the mail program. What other AVC messages do you
see?
Feb 26 03:58:10 mail kernel: audit(1109361490.957:0): avc: denied {
search } for pid=11105 exe=/usr/sbin/sendmail.postfix name=postfix
dev=dm-0 ino=4032524 scontext=user_u:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
Feb 26 03:58:10 mail kernel: audit(1109361490.975:0): avc: denied {
execute } for pid=11106 exe=/usr/sbin/sendmail.postfix name=postdrop
dev=dm-0 ino=2961715 scontext=user_u:system_r:system_mail_t
tcontext=system_u:object_r:sbin_t tclass=file
Feb 26 03:58:10 mail kernel: audit(1109361490.976:0): avc: denied {
execute_no_trans } for pid=11106 exe=/usr/sbin/sendmail.postfix
path=/usr/sbin/postdrop dev=dm-0 ino=2961715
scontext=user_u:system_r:system_mail_t
tcontext=system_u:object_r:sbin_t tclass=file
Feb 26 03:58:10 mail kernel: audit(1109361490.976:0): avc: denied {
read } for pid=11106 exe=/usr/sbin/sendmail.postfix
path=/usr/sbin/postdrop dev=dm-0 ino=2961715
scontext=user_u:system_r:system_mail_t
tcontext=system_u:object_r:sbin_t tclass=file
Feb 26 03:58:11 mail kernel: audit(1109361491.017:0): avc: denied {
write } for pid=11106 exe=/usr/sbin/postdrop name=maildrop dev=dm-0
ino=4032533 scontext=user_u:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
Feb 26 03:58:11 mail kernel: audit(1109361491.017:0): avc: denied {
add_name } for pid=11106 exe=/usr/sbin/postdrop name=17816.11106
scontext=user_u:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
Feb 26 03:58:11 mail kernel: audit(1109361491.017:0): avc: denied {
create } for pid=11106 exe=/usr/sbin/postdrop name=17816.11106
scontext=user_u:system_r:system_mail_t
tcontext=user_u:object_r:mail_spool_t tclass=file
Feb 26 03:58:11 mail kernel: audit(1109361491.018:0): avc: denied {
getattr } for pid=11106 exe=/usr/sbin/postdrop
path=/var/spool/postfix/maildrop/17816.11106 dev=dm-0 ino=6340609
scontext=user_u:system_r:system_mail_t
tcontext=user_u:object_r:mail_spool_t tclass=file
Feb 26 03:58:11 mail kernel: audit(1109361491.019:0): avc: denied {
remove_name } for pid=11106 exe=/usr/sbin/postdrop name=17816.11106
dev=dm-0 ino=6340609 scontext=user_u:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
Feb 26 03:58:11 mail kernel: audit(1109361491.019:0): avc: denied {
rename } for pid=11106 exe=/usr/sbin/postdrop name=17816.11106
dev=dm-0 ino=6340609 scontext=user_u:system_r:system_mail_t
tcontext=user_u:object_r:mail_spool_t tclass=file
Feb 26 03:58:11 mail kernel: audit(1109361491.020:0): avc: denied {
write } for pid=11106 exe=/usr/sbin/postdrop
path=/var/spool/postfix/maildrop/04D8460C001 dev=dm-0 ino=6340609
scontext=user_u:system_r:system_mail_t
tcontext=user_u:object_r:mail_spool_t tclass=file
Feb 26 03:58:11 mail kernel: audit(1109361491.022:0): avc: denied {
setattr } for pid=11106 exe=/usr/sbin/postdrop name=04D8460C001
dev=dm-0 ino=6340609 scontext=user_u:system_r:system_mail_t
tcontext=user_u:object_r:mail_spool_t tclass=file
Feb 26 03:58:11 mail kernel: audit(1109361491.037:0): avc: denied {
getattr } for pid=11106 exe=/usr/sbin/postdrop
path=/var/spool/postfix/public/pickup dev=dm-0 ino=4032604
scontext=user_u:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=fifo_file
Feb 26 03:58:11 mail kernel: audit(1109361491.038:0): avc: denied {
write } for pid=11106 exe=/usr/sbin/postdrop name=pickup dev=dm-0
ino=4032604 scontext=user_u:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=fifo_file
Ok I built selinux-policy-targeted-1.17.30-2.85 on
ftp://people.redhat.com/dwalsh/SELinux/FC3
Try that one out.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
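
The permissive-mode run in the thread above produces one AVC record per denied permission, so the same source/target pair shows up many times. As an added example (not part of the original messages and not code from the SELinux project), the following sketch groups such records by source type, target type and object class so the missing accesses of system_mail_t can be reviewed against the policy. The function names parse_avc, summarize and render are hypothetical, and the sample input is constructed from three of the denials quoted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: three denials from the thread, still wrapped across
# lines the way syslog text arrives in an e-mail.
SAMPLE = """\
Feb 26 03:58:10 mail kernel: audit(1109361490.975:0): avc: denied {
execute } for pid=11106 exe=/usr/sbin/sendmail.postfix name=postdrop
dev=dm-0 ino=2961715 scontext=user_u:system_r:system_mail_t
tcontext=system_u:object_r:sbin_t tclass=file
Feb 26 03:58:11 mail kernel: audit(1109361491.017:0): avc: denied {
write } for pid=11106 exe=/usr/sbin/postdrop name=maildrop dev=dm-0
ino=4032533 scontext=user_u:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
Feb 26 03:58:11 mail kernel: audit(1109361491.017:0): avc: denied {
add_name } for pid=11106 exe=/usr/sbin/postdrop name=17816.11106
scontext=user_u:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)", re.S)

def parse_avc(text):
    """Yield one dict per AVC denial, tolerating records wrapped over lines."""
    # Every record starts at "audit("; rejoin its wrapped lines before matching.
    for chunk in re.split(r"(?=audit\()", text):
        m = AVC_RE.search(" ".join(chunk.split()))
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
        fields["perms"] = m.group(1).split()
        yield fields

def summarize(text):
    """Group denials into {(source_type, target_type, class): set(perms)}."""
    rules = defaultdict(set)
    for rec in parse_avc(text):
        if not {"scontext", "tcontext", "tclass"} <= rec.keys():
            continue  # truncated record: skip it rather than guess
        key = (rec["scontext"].split(":")[2], rec["tcontext"].split(":")[2], rec["tclass"])
        rules[key].update(rec["perms"])
    return dict(rules)

def render(rules):
    """Render each group in policy 'allow' syntax, for review only."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(rules.items())]
```

Calling render(summarize(log_text)) on the full Feb 26 log collapses the fourteen records into a handful of lines, which makes it easier to see that every denial has system_mail_t as its source type.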