procmail vs amanda selinux hits

Wed Jan 16 13:58:39 UTC 2008

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gene Heskett wrote:
> Greetings;
> 
> At about the time the backup program amanda is due to send me an email, I'm 
> getting popups from selinux.
> 
> Amanda is at times trying to send the user gene an email, some of which I do 
> get, but:
> 
>>From setroubleshoot:
> SUMMARY
> SELinux is preventing /usr/bin/procmail (procmail_t) "search" to (var_log_t).
> 
> Detailed Description
> SELinux denied access requested by /usr/bin/procmail. It is not expected that 
> this access is required by /usr/bin/procmail and this access may signal an 
> intrusion attempt. It is also possible that the specific version or 
> configuration of the application is causing it to require additional access.
> 
> Allowing Access
> Sometimes labeling problems can cause SELinux denials. You could try to 
> restore the default system file context for , restorecon -v If this does not 
> work, there is currently no automatic way to allow this access. Instead, you 
> can generate a local policy module to allow this access - see FAQ Or you can 
> disable SELinux protection altogether. Disabling SELinux protection is not 
> recommended. Please file a bug report against this package.
> =====================================
> Note the space before the comma above, is a name missing?
> Also I have not done the restorecon -v as I've used the advice from 
> setroubleshooter to clear a goodly number of squawks.
> =====================================
> Additional Information
> Source Context:  system_u:system_r:procmail_t:s0
> Target Context:  system_u:object_r:var_log_t:s0
> Target Objects:  None [ dir ]
> Affected RPM Packages:  procmail-3.22-20.fc8 [application]
> Policy RPM:  selinux-policy-3.0.8-74.fc8Selinux 
> Enabled:  True
> Policy Type:  targeted
> MLS Enabled:  True
> Enforcing Mode:  Enforcing
> Plugin Name:  plugins.catchall_file
> Host Name:  coyote.coyote.den
> Platform:  Linux coyote.coyote.den 2.6.24-rc7 #1 SMP Mon Jan 14 10:00:40 EST 
> 2008 i686 athlon
> Alert Count:  26
> First Seen:  Wed 09 Jan 2008 05:09:14 AM EST
> Last Seen:  Wed 16 Jan 2008 05:09:15 AM EST
> Local ID:  bfec6c3c-7d3b-47f7-9174-a2251b12534a
> Line Numbers:  
> Raw Audit Messages :avc: denied { search } for comm=procmail dev=dm-0 egid=500 
> euid=500 exe=/usr/bin/procmail exit=-13 fsgid=500 fsuid=500 gid=500 items=0 
> name=log pid=15219 scontext=system_u:system_r:procmail_t:s0 sgid=0 
> subj=system_u:system_r:procmail_t:s0 suid=500 tclass=dir 
> tcontext=system_u:object_r:var_log_t:s0 tty=(none) uid=500
> 
> Comments people?
> 
Should be allowed.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkeODY8ACgkQrlYvE4MpobPHKACcDKr66XLSfDV30clJPv1z1tJK
6E0AoOA5tGI518Ftz1r3/nfQrqDWh0HR
=RCOf
-----END PGP SIGNATURE-----