On 03/05/2010 07:20 PM, Daniel B. Thurman wrote:
> I get all sorts of procmail selinux issues (not to hijack this thread,
> but might be related?). Here is one of many:

This indicates to me that procmail may want to create objects in the mqueue directory.

Can you reproduce this? Would be even better if you could do in permissive mode so that we can see what else it wants.

We know it wants to write to the mqueue dir, question is: for what purpose. Does it want to create something there and why?

> =================================================
>
> Summary:
>
> SELinux is preventing /usr/bin/procmail "write" access on /var/spool/mqueue.
>
> Detailed Description:
>
> SELinux denied access requested by procmail. It is not expected that this
> access is required by procmail and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration of
> the application is causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
> report.
>
> Additional Information:
>
> Source Context                system_u:system_r:procmail_t:s0
> Target Context                system_u:object_r:mqueue_spool_t:s0
> Target Objects                /var/spool/mqueue [ dir ]
> Source                        procmail
> Source Path                   /usr/bin/procmail
> Port                          <Unknown>
> Host                          host.domain.com
> Source RPM Packages           procmail-3.22-25.fc12
> Target RPM Packages           sendmail-8.14.3-8.fc12
> Policy RPM                    selinux-policy-3.6.32-89.fc12
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     host.domain.com
> Platform                      Linux host.domain.com
>                               2.6.31.12-174.2.22.fc12.i686
>                               #1 SMP Fri Feb 19 19:26:06 UTC 2010 i686 i686
> Alert Count                   9
> First Seen                    Tue 02 Mar 2010 03:12:16 AM PST
> Last Seen                     Tue 02 Mar 2010 05:13:03 AM PST
> Local ID                      5c68ab75-d7e0-4e2d-b380-857eb7e33c68
> Line Numbers
>
> Raw Audit Messages
>
> node=host.domain.com type=AVC msg=audit(1267535583.841:38780): avc:
> denied { write } for pid=12554 comm="procmail" name="mqueue" dev=sdb8
> ino=29627 scontext=system_u:system_r:procmail_t:s0
> tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=dir
>
> node=host.domain.com type=SYSCALL msg=audit(1267535583.841:38780):
> arch=40000003 syscall=5 success=no exit=-13 a0=92f6d68 a1=8441 a2=1b7
> a3=1b7 items=0 ppid=12553 pid=12554 auid=4294967295 uid=0 gid=12 euid=0
> suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
> comm="procmail" exe="/usr/bin/procmail"
> subj=system_u:system_r:procmail_t:s0 key=(null)
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
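Added example, not part of the original message or of any SELinux tooling: the SYSCALL record paired with the AVC above already records what procmail asked for, and this sketch decodes it. The record is copied from the quoted report and joined onto one line; the function names and the (partial) i386 flag table are this example's own.

```python
import re

# Constructed input: the SYSCALL record from the quoted report, on one line.
RECORD = ('node=host.domain.com type=SYSCALL msg=audit(1267535583.841:38780): '
          'arch=40000003 syscall=5 success=no exit=-13 a0=92f6d68 a1=8441 '
          'a2=1b7 a3=1b7 items=0 ppid=12553 pid=12554 auid=4294967295 uid=0 '
          'gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) '
          'ses=4294967295 comm="procmail" exe="/usr/bin/procmail" '
          'subj=system_u:system_r:procmail_t:s0 key=(null)')

AUDIT_ARCH_I386 = 0x40000003          # arch= value for 32-bit x86
I386_SYSCALLS = {5: "open"}           # only the call seen in this report
ACCESS = {0: "O_RDONLY", 1: "O_WRONLY", 2: "O_RDWR"}
# open(2) flag bits as defined for i386 (octal, as in the kernel headers)
FLAGS = {0o100: "O_CREAT", 0o200: "O_EXCL", 0o400: "O_NOCTTY",
         0o1000: "O_TRUNC", 0o2000: "O_APPEND", 0o4000: "O_NONBLOCK",
         0o100000: "O_LARGEFILE", 0o200000: "O_DIRECTORY"}
ERRNO = {1: "EPERM", 13: "EACCES"}

def parse_fields(record):
    """Split an audit record into key=value pairs, unquoting string values."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', record)
    return {k: v.strip('"') for k, v in pairs}

def decode_open(record):
    """Decode the open(2) arguments; a0..a3 are hex, syscall/exit decimal."""
    f = parse_fields(record)
    if int(f["arch"], 16) != AUDIT_ARCH_I386:
        raise ValueError("flag table here is for i386 records only")
    if I386_SYSCALLS.get(int(f["syscall"])) != "open":
        raise ValueError("not an open(2) record")
    flags = int(f["a1"], 16)
    names = [ACCESS.get(flags & 3, "access=3")]
    rest = flags & ~3
    for bit, name in sorted(FLAGS.items()):
        if rest & bit:
            names.append(name)
            rest &= ~bit
    if rest:                           # bits not in the table: show them raw
        names.append(hex(rest))
    creates = "O_CREAT" in names       # the mode argument only matters then
    return {"flags": names, "creates": creates,
            "mode": oct(int(f["a2"], 16)) if creates else None,
            "errno": ERRNO.get(-int(f["exit"]), f["exit"]),
            "comm": f["comm"], "subj": f["subj"]}

if __name__ == "__main__":
    for key, value in decode_open(RECORD).items():
        print(f"{key:8} {value}")
```

The record does not carry the pathname (items=0, no PATH record), so the file name procmail tried to open under /var/spool/mqueue is not recoverable from this report alone.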