Greetings;
The last policy update didn't fix my procmail problems yet, in fact it made
them worse cuz now I'm getting failure messages in its logfile that I wasn't
before.
procmail, setroubleshoot output:
Source Context: system_u:system_r:procmail_t:s0
Target Context: unconfined_u:object_r:var_log_t:s0
Target Objects: None [ file ]
Affected RPM Packages: procmail-3.22-20.fc8 [application]
Policy RPM: selinux-policy-3.0.8-74.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: plugins.mislabeled_file
Host Name: coyote.coyote.den
Platform: Linux coyote.coyote.den 2.6.24-rc8 #2 SMP Wed Jan 16 22:47:57 EST
2008 i686 athlon
Alert Count: 3
First Seen: Sat 19 Jan 2008 01:50:20 AM EST
Last Seen: Sat 19 Jan 2008 05:09:16 AM EST
Local ID: 3114f17d-0dc1-4453-ad4c-3b3548003cc4
Line Numbers: Raw
Audit Messages :
avc: denied { append } for comm=procmail dev=dm-0 egid=500 euid=500
exe=/usr/bin/procmail exit=-13 fsgid=500 fsuid=500 gid=500 items=0
name=procmail.log pid=10138 scontext=system_u:system_r:procmail_t:s0 sgid=0
subj=system_u:system_r:procmail_t:s0 suid=500 tclass=file
tcontext=unconfined_u:object_r:var_log_t:s0 tty=(none) uid=500
I note that the Last Seen time is before I did an autorelabel this morning.
And now, trying to setup squid, I'm failing that:
Source Context: system_u:system_r:squid_t:s0
Target Context: system_u:object_r:var_spool_t:s0
Target Objects: None [ dir ]
Affected RPM Packages: squid-2.6.STABLE17-1.fc8 [application]
Policy RPM: selinux-policy-3.0.8-74.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: plugins.mislabeled_file
Host Name: coyote.coyote.den
Platform: Linux coyote.coyote.den 2.6.24-rc8 #2 SMP Wed Jan 16 22:47:57 EST
2008 i686 athlon
Alert Count: 3
First Seen: Sat 19 Jan 2008 02:29:31 PM EST
Last Seen: Sat 19 Jan 2008 04:43:50 PM EST
Local ID: 1eb62793-1368-45b9-b0c0-c117f10dafd4
Line Numbers: Raw
Audit Messages :
avc: denied { write } for comm=squid dev=dm-0 egid=23 euid=23
exe=/usr/sbin/squid exit=-13 fsgid=23 fsuid=23 gid=23 items=0 name=squid
pid=17099 scontext=system_u:system_r:squid_t:s0 sgid=23
subj=system_u:system_r:squid_t:s0 suid=0 tclass=dir
tcontext=system_u:object_r:var_spool_t:s0 tty=pts9 uid=23
For squid, I hand made its parent /var/spool/squid dir, and chowned it to
squid:squid but the exact same failure occurs as it is trying to setup its
cache dirs within that dir, so I gave it up. Its logs gets a new stanza of
this:
squid: ERROR: No running copy
2008/01/19 14:29:31| Creating Swap Directories
FATAL: Failed to make swap directory /var/spool/squid/00: (13) Permission
denied
Squid Cache (Version 2.6.STABLE17): Terminated abnormally.
CPU Usage: 0.001 seconds = 0.001 user + 0.000 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
for everytime I attempt a 'service squid start'
Can we make these work please? setroubleshooter's suggestions about running
restorecon are rather worthless without the rest of the command line as an
example cuz I have NDI what the file should be relabeled as.
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
In my experience, if you have to keep the lavatory door shut by extending
your left leg, it's modern architecture.
-- Nancy Banks Smith
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
