SELinux and Bugzilla

Pedro Silva <psilva@xxxxxxxxxxxxxxxx> · Fri, 24 Aug 2007 16:56:58 -0300

This happened today
after a system upgrade.

This is a Fedora 7 system.

Bugzilla no longer is able to send mail.

"fixfiles restore /" did not resolve the issue.

After running fixfiles, audit.log says:

type=AVC msg=audit(1187973575.010:4102): avc:  denied  { create } for 
pid=4381 comm="sendmail"
scontext=root:system_r:httpd_bugzilla_script_t:s0
tcontext=root:system_r:httpd_bugzilla_script_t:s0
tclass=unix_dgram_socket

type=SYSCALL msg=audit(1187973575.010:4102): arch=40000003 syscall=102
success=no exit=-13 a0=1 a1=bff16e4c a2=6edff4 a3=1 items=0 ppid=4379
pid=4381 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48
fsgid=48 tty=(none) comm="sendmail" exe="/usr/sbin/sendmail.postfix"
subj=root:system_r:httpd_bugzilla_script_t:s0 key=(null)

type=AVC msg=audit(1187973575.010:4103): avc:  denied  { search } for 
pid=4381 comm="sendmail" name="postfix" dev=dm-0 ino=1244012
scontext=root:system_r:httpd_bugzilla_script_t:s0
tcontext=system_u:object_r:postfix_etc_t:s0 tclass=dir

type=SYSCALL msg=audit(1187973575.010:4103): arch=40000003 syscall=5
success=no exit=-13 a0=816576f8 a1=0 a2=0 a3=0 items=0 ppid=4379
pid=4381 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48
fsgid=48 tty=(none) comm="sendmail" exe="/usr/sbin/sendmail.postfix"
subj=root:system_r:httpd_bugzilla_script_t:s0 key=(null)

type=AVC msg=audit(1187973575.010:4104): avc:  denied  { create } for 
pid=4381 comm="sendmail"
scontext=root:system_r:httpd_bugzilla_script_t:s0
tcontext=root:system_r:httpd_bugzilla_script_t:s0
tclass=unix_dgram_socket

type=SYSCALL msg=audit(1187973575.010:4104): arch=40000003 syscall=102
success=no exit=-13 a0=1 a1=bff16c28 a2=6edff4 a3=14 items=0 ppid=4379
pid=4381 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48
fsgid=48 tty=(none) comm="sendmail" exe="/usr/sbin/sendmail.postfix"
subj=root:system_r:httpd_bugzilla_script_t:s0 key=(null)

Changing enforcement to "permissive" restored the funcionality.

This system uses Postfix instead of Sendmail.

-- 

Pedro Silva

Especialista
de Desenvolvimento

(21) 4501 1026

Certisign Certificadora
Digital

certisign.com.br

Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list