avc Dead-Letter? Fedora 10

Frank Murphy frankly3d at fedoraproject.org
Sun Dec 28 12:26:56 UTC 2008 

This is the first Fedora I've come across a files called dead-letter.
I don't use sendmail, exim is installed, if relevant.


Summary:

SELinux is preventing the sendmail from using potentially mislabeled files
(./dead.letter).

Detailed Description:

SELinux has denied sendmail access to potentially mislabeled file(s)
(./dead.letter). This means that SELinux will not allow sendmail to use
these
files. It is common for users to edit files in their home directory or tmp
directories and then move (mv) them to system directories. The problem
is that
the files end up with the wrong file context which confined applications
are not
allowed to access.

Allowing Access:

If you want sendmail to access this files, you need to relabel them using
restorecon -v './dead.letter'. You might want to relabel the entire
directory
using restorecon -R -v './dead.letter'.

Additional Information:

Source Context                system_u:system_r:logwatch_t:s0
Target Context                system_u:object_r:admin_home_t:s0
Target Objects                ./dead.letter [ dir ]
Source                        sendmail
Source Path                   /usr/sbin/ssmtp
Port                          <Unknown>
Host                          frank01.frankly3d.local
Source RPM Packages           ssmtp-2.61-11.7.fc10
Target RPM Packages
Policy RPM                    selinux-policy-3.5.13-34.fc10
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   home_tmp_bad_labels
Host Name                     frank01.frankly3d.local
Platform                      Linux frank01.frankly3d.local
                              2.6.27.9-159.fc10.i686 #1 SMP Tue Dec 16
15:12:04
                              EST 2008 i686 i686
Alert Count                   1
First Seen                    Sun 28 Dec 2008 12:18:46 GMT
Last Seen                     Sun 28 Dec 2008 12:18:46 GMT
Local ID                      6feff0bd-d81b-472e-8c9b-a4538c69479f
Line Numbers

Raw Audit Messages

node=frank01.frankly3d.local type=AVC msg=audit(1230466726.28:154): avc:
 denied  { add_name } for  pid=4443 comm="sendmail" name="dead.letter"
scontext=system_u:system_r:logwatch_t:s0
tcontext=system_u:object_r:admin_home_t:s0 tclass=dir

node=frank01.frankly3d.local type=SYSCALL msg=audit(1230466726.28:154):
arch=40000003 syscall=5 success=no exit=-13 a0=97312d0 a1=441 a2=1b6
a3=440 items=0 ppid=4311 pid=4443 auid=4294967295 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
comm="sendmail" exe="/usr/sbin/ssmtp"
subj=system_u:system_r:logwatch_t:s0 key=(null)


====================================================
Dead-Letter contents
====================================================

/etc/cron.daily/0logwatch:

sendmail: Cannot open mail:25
/etc/cron.daily/rkhunter:

send-mail: Cannot open mail:25
send-mail: Cannot open mail:25


/bin/sh: opt/f-prot/fpscan: No such file or directory

More information about the fedora-selinux-list mailing list