-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Timms wrote: > Daniel J Walsh wrote: >> David Timms wrote: >>> AFAICS, I haven't made any configs to sendmail, yet I've started to get >>> lots of AVC warnings in setroubleshoot, of three particular types: >>> >>> 1:======== >>> Summary >>> SELinux is preventing the /usr/sbin/sendmail.sendmail from using >>> potentially mislabeled files (<Unknown>). >>> >>> Detailed Description >>> SELinux has denied /usr/sbin/sendmail.sendmail access to potentially >>> mislabeled file(s) (<Unknown>). This means that SELinux will not allow > >> A postinstall script has ruined the labeling on your /etc/services file. >> >> # restorecon -v /etc/services >> will fix > # ls -lZ /etc/services > -rw-r--r-- root root unconfined_u:object_r:rpm_script_tmp_t /etc/services > Yes, you are correct. > > # restorecon -v /etc/services > restorecon reset /etc/services context > unconfined_u:object_r:rpm_script_tmp_t:s0->system_u:object_r:etc_t:s0 > > I guess experience rather than reading the troubleshoot message led you > to /etc/services ? > >> Yes, although this is actually a bug in audit/setroubleshoot that is causing the target mislabeled file to be <Unknown> If the frame work had actually specified /etc/services, one of the plugins does a matchpatcon on the file and sees that the file context differs from the default and sets it correctly. Please report this as a bug on setroubleshoot and include the audit messages so we can see why setroubleshoot failed. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkeoZfQACgkQrlYvE4MpobMgHQCbBbgrBQjhwI3dXojEdKYrTTQP GlsAoN4cCSvxzyguO77FVmdQzR2NbHPf =knPX -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
