mailq.postfix.gz.1 incorrectly labeled in FC6T1
Paul Howarth
paul at city-fan.org
Fri Jul 14 06:59:29 UTC 2006
On Thu, 2006-07-13 at 19:44 -0500, Jay Cliburn wrote:
> After installing postfix under FC6T1, I kept getting this avc:
>
> audit(1152836951.218:8): avc: denied { getattr } for pid=3130
> comm="sh" name="mailq.postfix.1.gz" dev=dm-0 ino=1084752
> scontext=user_u:system_r:postfix_master_t:s0
> tcontext=system_u:object_r:man_t:s0 tclass=file
>
> It's a manpage and it looks to me like it came from the factory labeled
> incorrectly. A chcon to system_u:object_r:man_t seems to have fixed it.
This has been seen before on FC5:
http://www.redhat.com/archives/fedora-selinux-list/2006-June/msg00021.html
It appears to happen when postfix is started. The AVC suggests that the
manpage already has the correct context, and the strange thing is that
the postfix master program is trying to access it (why should that be?).
What did you change the context of, and what was it previously?
Paul.