Weird selinux problem with sendmail
Paul Howarth
paul at city-fan.org
Mon Nov 26 17:49:51 UTC 2007
Knute Johnson wrote:
> I loaded F8 onto my old mail server computer and started to
> reassemble it. But I'm getting a strange message from sendmail and a
> selinux avc to go with it. I do not have a .forward file and I have
> an almost identical system running that doesn't have one either and
> doesn't give any errors. I don't know if this is a sendmail problem
> or a selinux problem. The mail comes and goes OK. Any ideas?
>
> Thanks,
>
> knute...
>
> Nov 25 00:32:39 www sendmail[7802]: lAP8Wche007801: forward
> /home/knute/.forward.www: Permission denied
> Nov 25 00:32:39 www sendmail[7802]: lAP8Wche007801: forward
> /home/knute/.forward: Permission denied
>
> Nov 25 00:40:55 www kernel: audit(1195980055.494:277): avc: denied
> { getattr } for pid=7949 comm="sendmail" path="/home/knute" dev=dm-0
> ino=262146 scontext=unconfined_u:system_r:sendmail_t:s0
> tcontext=unconfined_u:object_r:unconfined_home_dir_t:s0 tclass=dir
This looks to be sendmail checking to see if you have a .forward file
and getting an SELinux denial when it does so. Since you don't have one,
the failure doesn't have an impact.
I don't know where the unconfined_home_dir_t comes from though. I'm
running F8 with targeted policy and the home directories are
user_home_dir_t rather than unconfined_home_dir_t.
What's the output of:
# sestatus
and:
# ls -lZ /home/knute
and:
# restorecon -Fv /home/knute
Paul.
More information about the fedora-selinux-list
mailing list