After yum upgrading from F7 to F8, I'm seeing alerts whenever
fetchmail brings in new mail, even after a complete relabelling of the
system:
Summary
SELinux is preventing sendmail (sendmail_t) "search" to <Unknown>
(unconfined_home_dir_t).
Detailed Description
SELinux denied access requested by sendmail. It is not expected that this
access is required by sendmail and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of
the application is causing it to require additional access.
Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to
restore the default system file context for <Unknown>, restorecon -v
<Unknown> If this does not work, there is currently no automatic way to
allow this access. Instead, you can generate a local policy module to allow
this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
Or you can disable SELinux protection altogether. Disabling SELinux
protection is not recommended. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.
Additional Information
Source Context system_u:system_r:sendmail_t
Target Context unconfined_u:object_r:unconfined_home_dir_t
Target Objects None [ dir ]
Affected RPM Packages
Policy RPM selinux-policy-3.0.8-56.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall_file
Host Name saintloup.smith.man.ac.uk
Platform Linux saintloup.smith.man.ac.uk 2.6.23.1-49.fc8 #1
SMP Thu Nov 8 22:14:09 EST 2007 x86_64 x86_64
Alert Count 18
First Seen Tue Nov 20 12:15:53 2007
Last Seen Tue Nov 20 12:30:59 2007
Local ID 3c789a3b-b8f8-4b21-a34a-bc198b90be73
Line Numbers
Raw Audit Messages
avc: denied { search } for comm=sendmail dev=dm-1 name=adam pid=5161
scontext=system_u:system_r:sendmail_t:s0 tclass=dir
tcontext=unconfined_u:object_r:unconfined_home_dir_t:s0
Summary
SELinux is preventing /usr/sbin/sendmail.sendmail (sendmail_t) "getattr" to
/home/adam (unconfined_home_dir_t).
Detailed Description
SELinux denied access requested by /usr/sbin/sendmail.sendmail. It is not
expected that this access is required by /usr/sbin/sendmail.sendmail and
this access may signal an intrusion attempt. It is also possible that the
specific version or configuration of the application is causing it to
require additional access.
Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to
restore the default system file context for /home/adam, restorecon -v
/home/adam If this does not work, there is currently no automatic way to
allow this access. Instead, you can generate a local policy module to allow
this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
Or you can disable SELinux protection altogether. Disabling SELinux
protection is not recommended. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.
Additional Information
Source Context system_u:system_r:sendmail_t
Target Context unconfined_u:object_r:unconfined_home_dir_t
Target Objects /home/adam [ dir ]
Affected RPM Packages sendmail-8.14.1-4.2.fc8 [application]
Policy RPM selinux-policy-3.0.8-56.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall_file
Host Name saintloup.smith.man.ac.uk
Platform Linux saintloup.smith.man.ac.uk 2.6.23.1-49.fc8 #1
SMP Thu Nov 8 22:14:09 EST 2007 x86_64 x86_64
Alert Count 66
First Seen Tue Nov 20 12:15:53 2007
Last Seen Tue Nov 20 12:30:59 2007
Local ID a9ca1470-2510-4d05-baa4-48f8aa3b4474
Line Numbers
Raw Audit Messages
avc: denied { getattr } for comm=sendmail dev=dm-1 egid=500 euid=500
exe=/usr/sbin/sendmail.sendmail exit=-13 fsgid=500 fsuid=500 gid=500 items=0
path=/home/adam pid=5161 scontext=system_u:system_r:sendmail_t:s0 sgid=500
subj=system_u:system_r:sendmail_t:s0 suid=500 tclass=dir
tcontext=unconfined_u:object_r:unconfined_home_dir_t:s0 tty=(none) uid=0
I've not seen anything about sendmail in recent selinux-policy builds
- is something else wrong here?
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
