sendmail avc's - on a system upgraded from f7 to f8 - in <Unknown>
Paul Howarth
paul at city-fan.org
Mon Feb 4 23:54:16 UTC 2008
On Tue, 05 Feb 2008 08:23:43 +1100
David Timms <dtimms at iinet.net.au> wrote:
> Daniel J Walsh wrote:
> > David Timms wrote:
> >> AFAICS, I haven't made any configs to sendmail, yet I've started
> >> to get lots of AVC warnings in setroubleshoot, of three particular
> >> types:
> >>
> >> 1:========
> >> Summary
> >> SELinux is preventing the /usr/sbin/sendmail.sendmail from using
> >> potentially mislabeled files (<Unknown>).
> >>
> >> Detailed Description
> >> SELinux has denied /usr/sbin/sendmail.sendmail access to
> >> potentially mislabeled file(s) (<Unknown>). This means that
> >> SELinux will not allow
>
> > A postinstall script has ruined the labeling on your /etc/services
> > file.
> >
> > # restorecon -v /etc/services
> > will fix
> # ls -lZ /etc/services
> -rw-r--r-- root root
> unconfined_u:object_r:rpm_script_tmp_t /etc/services Yes, you are
> correct.
>
> # restorecon -v /etc/services
> restorecon reset /etc/services context
> unconfined_u:object_r:rpm_script_tmp_t:s0->system_u:object_r:etc_t:s0
>
> I guess experience rather than reading the troubleshoot message led
> you to /etc/services ?
>
> > If you any idea which rpm did this. I would like to know.
> yum.logs--- I'l try to narrow it down, not sure how. I can't
> remember now exactly what I was doing around the date that it started
> occurring. ===
Might you have installed VMware? Mangling the context of /etc/services
to rpm_script_tmp_t is a long-standing bug in the VMware package
scripts.
Paul.
More information about the fedora-selinux-list
mailing list