-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/10/2010 09:38 AM, m.roth@xxxxxxxxx wrote: > The last few days - I think there was a policy update to FC13 - I started > seeing > /etc/cron.daily/0logwatch: >> >> Can't exec "sendmail": Permission denied at /usr/sbin/logwatch line >> 1032, <TESTFILE> line 2. >> Can't execute sendmail -t: Permission denied > > Mentioned this to my manager, and he didn't see anything in messages, but > saw this audit message: > > type=SELINUX_ERR msg=audit(1281423963.394:71003): > security_compute_sid: invalid context > system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 for > scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:sendmail_exec_t:s0 tclass=process > > Why would a policy prevent logwatch from using sendmail to forward a log? > > mark > > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > > It is a bug. Please update to the latest selinux-policy in testing yum update selinux-policy-targeted --enablerepo=updates-testing -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkxhbP0ACgkQrlYvE4MpobPzxgCgjZLd8XzLtw3qMlgptsO8UCVz u6gAoNND4ZEqTCutI1U+5KmEhqSxuyas =nH9B -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
