On Fri, 2006-07-14 at 07:59 +0100, Paul Howarth wrote:
> On Thu, 2006-07-13 at 19:44 -0500, Jay Cliburn wrote:
> > After installing postfix under FC6T1, I kept getting this avc:
> >
> > audit(1152836951.218:8): avc: denied { getattr } for pid=3130
> > comm="sh" name="mailq.postfix.1.gz" dev=dm-0 ino=1084752
> > scontext=user_u:system_r:postfix_master_t:s0
> > tcontext=system_u:object_r:man_t:s0 tclass=file
> >
> > It's a manpage and it looks to me like it came from the factory labeled
> > incorrectly. A chcon to system_u:object_r:man_t seems to have fixed it.
>
> This has been seen before on FC5:
>
> http://www.redhat.com/archives/fedora-selinux-list/2006-June/msg00021.html
>
> It appears to happen when postfix is started. The AVC suggests that the
> manpage already has the correct context, and the strange thing is that
> the postfix master program is tying to access it (why should that be?).
So the "tcontext" in the AVC message indicates the current context of
the file called out in "name"?
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
