SELinux Exim Problem
Gordon Messmer
yinyang at eburg.com
Thu Sep 10 02:22:43 UTC 2009
On 09/09/2009 02:56 AM, John Horne wrote:
> On Wed, 2009-09-09 at 12:21 +0530, Didar Hossain wrote:
>
>>
>> But, why check "/boot"? As far as I understood from the statvfs(2), it
>> accepts a path to get the information. "/boot" is not something that
>> Exim will use as a spool directory. Or am I missing something!?
>>
> As said, because /boot is a separate partition. Statvfs looks at all the
> partitions, not just the one containing the path, as far as I can tell
> (look at strace output and you will see /proc/mounts being checked, and
> then a stat of each partition).

Right. IIRC, because some elements of the path may be symlinks or bind
mounts, statvfs will stat() the path argument, and then stat() each
filesystem in /proc/mounts. It will compare the st_dev elements of each
filesystem listed to the st_dev from the path in order to determine
which fs actually contains the path argument.

The question I'd ask is why exim is using statvfs() instead of statfs().

> The system is looking at /boot, but for some reason it is throwing up an
> selinux error. That's the bit I don't understand (unless the 'boot_t'
> context is somewhat specific about who can look at /boot, but then why
> aren't errors shown if I simply try and do 'ls -l /boot'?).
>
That would be because exim is confined by policy and you are not.
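
The st_dev matching described in the reply above, as an added example that is not part of the original message and is not glibc's or Exim's code. The function name find_mount and its table argument are hypothetical; the point is that every mount point in the table gets a stat(), so a process confined by policy touches directories such as /boot even when the path it asked about is elsewhere.

```c
#include <mntent.h>
#include <stdio.h>
#include <sys/stat.h>

/* Added illustration (hypothetical helper, not glibc or Exim code).
 * Finds the entry in `table` (a file in /proc/mounts format) whose st_dev
 * matches that of `path`. Every mount point listed is stat()ed; `skipped`
 * counts the ones whose stat() failed, e.g. EACCES from a policy denial.
 * Returns 0 and fills `out` on a match, -1 otherwise. */
int find_mount(const char *table, const char *path,
               char *out, size_t outlen, int *skipped)
{
    struct stat target, st;
    struct mntent *ent;
    FILE *fp;
    int rc = -1;

    *skipped = 0;
    if (stat(path, &target) != 0)
        return -1;
    if ((fp = setmntent(table, "r")) == NULL)
        return -1;
    while ((ent = getmntent(fp)) != NULL) {
        if (stat(ent->mnt_dir, &st) != 0) {
            (*skipped)++;           /* denied or missing: keep scanning */
            continue;
        }
        if (st.st_dev == target.st_dev) {
            snprintf(out, outlen, "%s", ent->mnt_dir);
            rc = 0;                 /* keep the last matching entry */
        }
    }
    endmntent(fp);
    return rc;
}

int main(int argc, char **argv)
{
    char dir[4096];
    int skipped;
    const char *path = argc > 1 ? argv[1] : "/";

    if (find_mount("/proc/mounts", path, dir, sizeof dir, &skipped) != 0) {
        fprintf(stderr, "no match for %s (%d skipped)\n", path, skipped);
        return 1;
    }
    printf("%s is on %s (%d mount points skipped)\n", path, dir, skipped);
    return 0;
}
```

Run under strace, this shows the same pattern John Horne describes: /proc/mounts is opened, then each mount point is stat()ed in turn.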