selinux-policy-3.5.13-46.fc10.noarch - slight hiccup!

[Mike Cloaked]

Tony Molloy wrote:
> 
> 
> I have to agree with Daniel here. I've just done an upgrade and rebooted 
> without any problems.
> 
> [molloyt at nogs ~]$ rpm -qa --last | grep selinux
> selinux-policy-targeted-3.5.13-46.fc10        Tue Mar  3 08:13:10 2009
> selinux-policy-3.5.13-46.fc10                 Tue Mar  3 08:12:51 2009
> 
> 

There are other problems now and it seems to depend on the setup on each
machine - on one machine I am now getting an avc denial with:

"Summary
SELinux is preventing procmail (procmail_t) "write" to ./tmp (usr_t). 
Detailed Description
SELinux denied access requested by procmail. It is not expected that this
access is required by procmail and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of
the application is causing it to require additional access. 
Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to
restore the default system file context for ./tmp, restorecon -v './tmp' If
this does not work, there is currently no automatic way to allow this
access. Instead, you can generate a local policy module to allow this access
- see FAQ Or you can disable SELinux protection altogether. Disabling
SELinux protection is not recommended. Please file a bug report against this
package. 
Additional Information
Source Context:  system_u:system_r:procmail_t:s0
Target Context:  system_u:object_r:usr_t:s0
Target Objects:  ./tmp [ dir ]
Source:  procmail
Source Path:  /usr/bin/procmail"

I have rebooted and I have restorecon -vR /home as user - and of course this
refers to ./tmp which is not in my home area so there is somewhere else that
there is a wrongly set tmp directory now - and I can't find it!

This is not good - really not good.
-- 
View this message in context: http://www.nabble.com/selinux-policy-3.5.13-46.fc10.noarch---slight-hiccup%21-tp22296524p22305312.html
Sent from the Fedora List mailing list archive at Nabble.com.