Running Rawhide, targeted/enforcing.

Notice this in /var/log/audit/audit.log:

type=AVC msg=audit(1188316403.485:16): avc: denied { create } for pid=2704 comm="newaliases" name="aliases.db" scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:etc_aliases_t:s0 tclass=file
type=SYSCALL msg=audit(1188316403.485:16): arch=40000003 syscall=5 success=no exit=-13 a0=bfa8ddd8 a1=c2 a2=1a0 a3=c2 items=0 ppid=2691 pid=2704 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=(none) comm="newaliases" exe="/usr/sbin/sendmail.sendmail" subj=system_u:system_r:sendmail_t:s0 key=(null)

Looks like it is occurring when sendmail gets started during boot.

Running /usr/bin/newaliases manually at root console works with no AVCs, but leaves /etc/aliases.db with the 'wrong' label:

[root@localhost ~]# ls -Zl /etc/alia*
-rw-r--r-- 1 system_u:object_r:etc_aliases_t root root 1512 2005-04-25 09:48 /etc/aliases
-rw-r----- 1 system_u:object_r:etc_t root smmsp 12288 2007-08-28 10:27 /etc/aliases.db
[root@localhost ~]# restorecon -v /etc/alias*
restorecon reset /etc/aliases.db context system_u:object_r:etc_t:s0->system_u:object_r:etc_aliases_t:s0
[root@localhost ~]#

Should /etc/init.d/sendmail fix the label after running newaliases?

tom
--
Tom London
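
Added example, not part of the original post: a small parser that pairs the AVC and SYSCALL records quoted above by their shared audit event id and decodes what was denied. The i386 syscall number and open(2) flag values are hard-coded assumptions for arch=40000003, and the function names are illustrative.

```python
import errno
import re

# Constructed sample: the two audit records quoted in the post, one per line.
SAMPLE = '''type=AVC msg=audit(1188316403.485:16): avc: denied { create } for pid=2704 comm="newaliases" name="aliases.db" scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:etc_aliases_t:s0 tclass=file
type=SYSCALL msg=audit(1188316403.485:16): arch=40000003 syscall=5 success=no exit=-13 a0=bfa8ddd8 a1=c2 a2=1a0 a3=c2 items=0 ppid=2691 pid=2704 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=(none) comm="newaliases" exe="/usr/sbin/sendmail.sendmail" subj=system_u:system_r:sendmail_t:s0 key=(null)'''

HEADER = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)')
PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumed i386 (arch=40000003) values: syscall 5 is open(2); flag bits from <fcntl.h>.
I386_SYSCALLS = {5: 'open'}
OPEN_FLAGS = {0x40: 'O_CREAT', 0x80: 'O_EXCL', 0x200: 'O_TRUNC'}
ACCMODE = {0: 'O_RDONLY', 1: 'O_WRONLY', 2: 'O_RDWR'}

def parse_events(text):
    """Group audit records by (timestamp, serial) so AVC and SYSCALL pair up."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, stamp, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == 'AVC':
            p = PERMS.search(body)
            fields['perms'] = p.group(1).split() if p else []
        events.setdefault((stamp, int(serial)), {})[rtype] = fields
    return events

def summarize(event):
    """Join the AVC denial with the syscall that triggered it."""
    avc, sc = event['AVC'], event.get('SYSCALL', {})
    out = {'comm': avc['comm'], 'name': avc['name'], 'perms': avc['perms'],
           'source_type': avc['scontext'].split(':')[2],
           'target_type': avc['tcontext'].split(':')[2],
           'tclass': avc['tclass'], 'exe': sc.get('exe')}
    exit_code = int(sc.get('exit', 0))
    out['errno'] = errno.errorcode.get(-exit_code) if exit_code < 0 else None
    if sc.get('arch') == '40000003' and I386_SYSCALLS.get(int(sc['syscall'])) == 'open':
        flags = int(sc['a1'], 16)  # audit logs syscall arguments a0..a3 in hex
        out['open_flags'] = [ACCMODE.get(flags & 3, '?')] + [n for b, n in OPEN_FLAGS.items() if flags & b]
        out['open_mode'] = oct(int(sc['a2'], 16))
    return out

if __name__ == '__main__':
    for key, ev in parse_events(SAMPLE).items():
        if 'AVC' in ev:
            print(key, summarize(ev))
```

On the sample, the decoded open mode 0o640 matches the -rw-r----- permissions shown for /etc/aliases.db in the ls output.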