Richard Hally wrote:
when running strict policy on a fully updated rawhide, mozilla mail will not start when in enforcing mode of the strict policy.
Doing a setenforce 0 allows it to start.
(Note that the avc denied messages are only produce when in premissive mode)
Below are the AVC denied messages:
May 17 12:46:45 new2 kernel: audit(1116348405.108:0): avc: granted { setenforce } for scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
May 17 12:46:45 new2 dbus: avc: received setenforce notice (enforcing=0)
May 17 12:46:45 new2 dbus: avc: received setenforce notice (enforcing=0)
May 17 12:46:56 new2 kernel: audit(1116348416.169:0): avc: denied { name_connect } for dest=110 scontext=richard:staff_r:staff_mozilla_t tcontext=system_u:object_r:pop_port_t tclass=tcp_socket
May 17 12:46:56 new2 kernel: audit(1116348416.902:0): avc: denied { getattr }
for name=/ dev=dm-0 ino=2 scontext=richard:staff_r:staff_mozilla_t tcontext=system_u:object_r:fs_t tclass=filesystem
May 17 12:47:45 new2 kernel: audit(1116348465.718:0): avc: granted { setenforce } for scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
May 17 12:47:45 new2 dbus: avc: received setenforce notice (enforcing=1)
May 17 12:47:45 new2 dbus: avc: received setenforce notice (enforcing=1)
Yes use thunderbird . :^)
Problem is we are trying to lock down Firefox with Mozilla policy, and mozilla mail is going away. Can you just add a name_connect
rule.
Dan
HTH Richard Hally
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
