procmail vs amanda selinux hits

Gene Heskett gene.heskett at verizon.net
Wed Jan 16 13:33:06 UTC 2008 

Greetings;

At about the time the backup program amanda is due to send me an email, I'm 
getting popups from selinux.

Amanda is at times trying to send the user gene an email, some of which I do 
get, but:

>From setroubleshoot:
SUMMARY
SELinux is preventing /usr/bin/procmail (procmail_t) "search" to (var_log_t).

Detailed Description
SELinux denied access requested by /usr/bin/procmail. It is not expected that 
this access is required by /usr/bin/procmail and this access may signal an 
intrusion attempt. It is also possible that the specific version or 
configuration of the application is causing it to require additional access.

Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to 
restore the default system file context for , restorecon -v If this does not 
work, there is currently no automatic way to allow this access. Instead, you 
can generate a local policy module to allow this access - see FAQ Or you can 
disable SELinux protection altogether. Disabling SELinux protection is not 
recommended. Please file a bug report against this package.
=====================================
Note the space before the comma above, is a name missing?
Also I have not done the restorecon -v as I've used the advice from 
setroubleshooter to clear a goodly number of squawks.
=====================================
Additional Information
Source Context:  system_u:system_r:procmail_t:s0
Target Context:  system_u:object_r:var_log_t:s0
Target Objects:  None [ dir ]
Affected RPM Packages:  procmail-3.22-20.fc8 [application]
Policy RPM:  selinux-policy-3.0.8-74.fc8Selinux 
Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  plugins.catchall_file
Host Name:  coyote.coyote.den
Platform:  Linux coyote.coyote.den 2.6.24-rc7 #1 SMP Mon Jan 14 10:00:40 EST 
2008 i686 athlon
Alert Count:  26
First Seen:  Wed 09 Jan 2008 05:09:14 AM EST
Last Seen:  Wed 16 Jan 2008 05:09:15 AM EST
Local ID:  bfec6c3c-7d3b-47f7-9174-a2251b12534a
Line Numbers:  
Raw Audit Messages :avc: denied { search } for comm=procmail dev=dm-0 egid=500 
euid=500 exe=/usr/bin/procmail exit=-13 fsgid=500 fsuid=500 gid=500 items=0 
name=log pid=15219 scontext=system_u:system_r:procmail_t:s0 sgid=0 
subj=system_u:system_r:procmail_t:s0 suid=500 tclass=dir 
tcontext=system_u:object_r:var_log_t:s0 tty=(none) uid=500

Comments people?

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
It is better for civilization to be going down the drain than to be 
coming up it.
		-- Henry Allen

More information about the fedora-selinux-list mailing list