-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Frank Murphy wrote:
> I have no idea which dir to relabel?
> and wouldl this dir relabel hold, after a full relabel?
>
> #locate comes up empty even after #updatedb
>
> $ rpm -qa | grep selinux
> selinux-policy-3.3.1-69.fc9.noarch
> libselinux-2.0.64-2.fc9.i386
> libselinux-python-2.0.64-2.fc9.i386
> selinux-policy-targeted-3.3.1-69.fc9.noarch
>
>
> -----------------------------------------------------------------------
>
> Summary:
>
> SELinux is preventing the sendmail from using potentially mislabeled
> files
> (2F746D702F52734B6B436E774F202864656C6574656429).
>
> Detailed Description:
>
> SELinux has denied sendmail access to potentially mislabeled file(s)
> (2F746D702F52734B6B436E774F202864656C6574656429). This means that
> SELinux will
> not allow sendmail to use these files. It is common for users to edit
> files in
> their home directory or tmp directories and then move (mv) them to
> system
> directories. The problem is that the files end up with the wrong file
> context
> which confined applications are not allowed to access.
>
> Allowing Access:
>
> If you want sendmail to access this files, you need to relabel them
> using
> restorecon -v '2F746D702F52734B6B436E774F202864656C6574656429'. You
> might want
> to relabel the entire directory using restorecon -R -v ''.
>
> Additional Information:
>
> Source Context system_u:system_r:exim_t:s0
> Target Context system_u:object_r:system_mail_tmp_t:s0
> Target Objects
> 2F746D702F52734B6B436E774F202864656C6574656429 [
> file ]
> Source sendmail
> Source Path /usr/sbin/exim
> Port <Unknown>
> Host frank-01
> Source RPM Packages exim-4.69-4.fc9
> Target RPM Packages
> Policy RPM selinux-policy-3.3.1-69.fc9
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name home_tmp_bad_labels
> Host Name frank-01
> Platform Linux frank-01 2.6.25.6-55.fc9.i686 #1 SMP
> Tue Jun
> 10 16:27:49 EDT 2008 i686 i686
> Alert Count 1
> First Seen Tue 01 Jul 2008 15:22:49 IST
> Last Seen Tue 01 Jul 2008 15:22:49 IST
> Local ID baefd44f-8e96-4353-8db7-badf98ef6335
> Line Numbers
>
> Raw Audit Messages
>
> host=frank-01 type=AVC msg=audit(1214922169.332:32): avc: denied
> { read } for pid=11248 comm="sendmail"
> path=2F746D702F52734B6B436E774F202864656C6574656429 dev=dm-0 ino=34537
> scontext=system_u:system_r:exim_t:s0
> tcontext=system_u:object_r:system_mail_tmp_t:s0 tclass=file
>
> host=frank-01 type=SYSCALL msg=audit(1214922169.332:32): arch=40000003
> syscall=11 success=yes exit=0 a0=8058e0b a1=9eb060c a2=bf93c6e8
> a3=9eb060c items=0 ppid=11247 pid=11248 auid=4294967295 uid=0 gid=0
> euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
> comm="sendmail" exe="/usr/sbin/exim" subj=system_u:system_r:exim_t:s0
> key=(null)
>
>
>
This is actually a bug in policy, and setroubleshoot should have told
you to use audit2allow to allow it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkhtHeMACgkQrlYvE4MpobMgFQCfdGq2S5vm9RpX+qJlwJTAVXnQ
k6wAoK0Grmrl8OsrCKUu/AQKt6KwkgPr
=ndY1
-----END PGP SIGNATURE-----
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
