Re: New procmail avc

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 06/17/2016 02:34 AM, Robert Nichols wrote:
> On 06/13/2016 09:44 PM, David Highley wrote:
>> Should we file a report on the issue below?
>>
>> time->Mon Jun 13 08:50:37 2016
>> type=AVC msg=audit(1465833037.215:3116): avc:  denied  { create } for
>> pid=5356 comm="procmail" name="_sTB.NZtXXB.douglas"
>> scontext=system_u:system_r:procmail_t:s0
>> tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
>> ----
>> time->Mon Jun 13 08:50:37 2016
>> type=AVC msg=audit(1465833037.215:3117): avc:  denied  { create } for
>> pid=5356 comm="procmail" name="spamlog"
>> scontext=system_u:system_r:procmail_t:s0
>> tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
>> ----
>> time->Mon Jun 13 08:50:37 2016
>> type=AVC msg=audit(1465833037.215:3118): avc:  denied  { create } for
>> pid=5356 comm="procmail" name="_sTB,NZtXXB.douglas"
>> scontext=system_u:system_r:procmail_t:s0
>> tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
>> ----
>> time->Mon Jun 13 08:50:37 2016
>> type=AVC msg=audit(1465833037.215:3119): avc:  denied  { create } for
>> pid=5356 comm="procmail" name="spamlog"
>> scontext=system_u:system_r:procmail_t:s0
>> tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
>> -- 
>> selinux mailing list
>> selinux@xxxxxxxxxxxxxxxxxxxxxxx
>> https://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
>>
> 
> Here's a 6-year-old thread discussing this same issue. Apparently it's
> still unresolved since I'm still using the local policy mentioned in the
> thread.

It is a valid point. Previously, we was not able to fix it in an easy
way. Currently, we have filename transitions rules where we can define
file type transitions for specific files or directories.

Thank you.

> 
> https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx/thread/XEFMGBHPWHLCZWB6EE3JYVRJZKQBN4H2/#XEFMGBHPWHLCZWB6EE3JYVRJZKQBN4H2
> 
> 


-- 
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux