Fedora 9 SELinux is preventing sendmail (exim_t) "getattr" to pipe (system_crond_t)

Frank Murphy frankly3d at gmail.com
Sat Jun 28 10:11:25 UTC 2008


I think this has to do with exim trying to send logs?
Should I actually file a bug report? Or just use:
audit2allow -M local < /tmp/avcs

Frank

Summary:

SELinux is preventing sendmail (exim_t) "getattr" to pipe (system_crond_t).

Detailed Description:

SELinux denied access requested by sendmail. It is not expected that this access
is required by sendmail and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:exim_t:s0
Target Context                system_u:system_r:system_crond_t:s0
Target Objects                pipe [ fifo_file ]
Source                        sendmail
Source Path                   /usr/sbin/exim
Port                          <Unknown>
Host                          frank-01
Source RPM Packages           exim-4.69-4.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-69.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     frank-01
Platform                      Linux frank-01 2.6.25.6-55.fc9.i686 #1 SMP Tue Jun
                              10 16:27:49 EDT 2008 i686 i686
Alert Count                   3
First Seen                    Sat 28 Jun 2008 11:01:27 IST
Last Seen                     Sat 28 Jun 2008 11:01:27 IST
Local ID                      675df78e-7627-418a-8d0b-2f9943cd7033
Line Numbers                  

Raw Audit Messages            

host=frank-01 type=AVC msg=audit(1214647287.324:61): avc:  denied
{ getattr } for  pid=16267 comm="sendmail" path="pipe:[94447]"
dev=pipefs ino=94447 scontext=system_u:system_r:exim_t:s0
tcontext=system_u:system_r:system_crond_t:s0 tclass=fifo_file

host=frank-01 type=SYSCALL msg=audit(1214647287.324:61): arch=40000003
syscall=197 success=no exit=-13 a0=1 a1=bf812f64 a2=981ff4 a3=b805d84c
items=0 ppid=1 pid=16267 auid=4294967295 uid=93 gid=93 euid=93 suid=93
fsuid=93 egid=93 sgid=93 fsgid=93 tty=(none) ses=4294967295
comm="sendmail" exe="/usr/sbin/exim" subj=system_u:system_r:exim_t:s0
key=(null)
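
Added example, not part of the original post and not audit2allow's own code: a small Python parser that reads AVC denial records like the one above and prints the type-enforcement allow rule each denial corresponds to, so the rule can be read and reviewed before any local module is built and loaded. The function names and the one-line SAMPLE record are constructed for illustration; the real tool's output format may differ in detail.

```python
import re
from collections import defaultdict

# Constructed sample: the AVC record from the report above, joined onto one line.
SAMPLE = (
    'host=frank-01 type=AVC msg=audit(1214647287.324:61): avc:  denied '
    '{ getattr } for  pid=16267 comm="sendmail" path="pipe:[94447]" '
    'dev=pipefs ino=94447 scontext=system_u:system_r:exim_t:s0 '
    'tcontext=system_u:system_r:system_crond_t:s0 tclass=fifo_file\n'
)

# Fields needed for a rule: denied permissions, source/target context, object class.
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{(?P<perms>[^}]*)\}.*?scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+'
    r'tclass=(?P<tclass>\S+)'
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(':')[2]

def parse_denials(text):
    """Yield (source_type, target_type, class, perms) for each AVC denial line."""
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if m:
            yield (context_type(m['scon']), context_type(m['tcon']),
                   m['tclass'], m['perms'].split())

def allow_rules(text):
    """Merge denials by (source, target, class) and render one allow rule each."""
    merged = defaultdict(set)
    for src, tgt, cls, perms in parse_denials(text):
        merged[(src, tgt, cls)].update(perms)
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else '{ ' + ' '.join(p) + ' }'
        rules.append(f'allow {src} {tgt}:{cls} {perm_text};')
    return rules

if __name__ == '__main__':
    for rule in allow_rules(SAMPLE):
        print(rule)
```

Each printed rule grants the source domain that permission on every object of the target type and class, not only on the one pipe named in the denial.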





