avc Dead-Letter? Fedora 10

Daniel J Walsh dwalsh at redhat.com
Sun Jan 4 19:35:49 UTC 2009


Frank Murphy wrote:
> This is the first Fedora I've come across a file called dead-letter.
> I don't use sendmail, exim is installed, if relevant.
> 
> 
> Summary:
> 
> SELinux is preventing the sendmail from using potentially mislabeled files
> (./dead.letter).
> 
> Detailed Description:
> 
> SELinux has denied sendmail access to potentially mislabeled file(s)
> (./dead.letter). This means that SELinux will not allow sendmail to use these
> files. It is common for users to edit files in their home directory or tmp
> directories and then move (mv) them to system directories. The problem is that
> the files end up with the wrong file context which confined applications are not
> allowed to access.
> 
> Allowing Access:
> 
> If you want sendmail to access this files, you need to relabel them using
> restorecon -v './dead.letter'. You might want to relabel the entire directory
> using restorecon -R -v './dead.letter'.
> 
> Additional Information:
> 
> Source Context                system_u:system_r:logwatch_t:s0
> Target Context                system_u:object_r:admin_home_t:s0
> Target Objects                ./dead.letter [ dir ]
> Source                        sendmail
> Source Path                   /usr/sbin/ssmtp
> Port                          <Unknown>
> Host                          frank01.frankly3d.local
> Source RPM Packages           ssmtp-2.61-11.7.fc10
> Target RPM Packages
> Policy RPM                    selinux-policy-3.5.13-34.fc10
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   home_tmp_bad_labels
> Host Name                     frank01.frankly3d.local
> Platform                      Linux frank01.frankly3d.local
>                               2.6.27.9-159.fc10.i686 #1 SMP Tue Dec 16 15:12:04
>                               EST 2008 i686 i686
> Alert Count                   1
> First Seen                    Sun 28 Dec 2008 12:18:46 GMT
> Last Seen                     Sun 28 Dec 2008 12:18:46 GMT
> Local ID                      6feff0bd-d81b-472e-8c9b-a4538c69479f
> Line Numbers
> 
> Raw Audit Messages
> 
> node=frank01.frankly3d.local type=AVC msg=audit(1230466726.28:154): avc:
>  denied  { add_name } for  pid=4443 comm="sendmail" name="dead.letter"
> scontext=system_u:system_r:logwatch_t:s0
> tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
> 
> node=frank01.frankly3d.local type=SYSCALL msg=audit(1230466726.28:154):
> arch=40000003 syscall=5 success=no exit=-13 a0=97312d0 a1=441 a2=1b6
> a3=440 items=0 ppid=4311 pid=4443 auid=4294967295 uid=0 gid=0 euid=0
> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
> comm="sendmail" exe="/usr/sbin/ssmtp"
> subj=system_u:system_r:logwatch_t:s0 key=(null)
> 
> 
> ====================================================
> Dead-Letter contents
> ====================================================
> 
> /etc/cron.daily/0logwatch:
> 
> sendmail: Cannot open mail:25
> /etc/cron.daily/rkhunter:
> 
> send-mail: Cannot open mail:25
> send-mail: Cannot open mail:25
> 
> 
> /bin/sh: opt/f-prot/fpscan: No such file or directory
> 
The problem here looks like logwatch did not transition to system_mail_t
when running sendmail.

What sendmail is it running and what is it labeled?


ls -lZ PATHTO/sendmail?


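An added example, not part of the original message or of any Fedora tool: a small Python parser that correlates the AVC and SYSCALL records quoted above by their audit event id and reports the process domain, showing the mail program still running as logwatch_t rather than system_mail_t. The function names, and the rule that a process invoked as sendmail should be in system_mail_t (the domain named in the reply), are assumptions of this sketch.

```python
import re

# The two audit records from the report quoted above, rejoined onto single lines.
RECORDS = [
    'node=frank01.frankly3d.local type=AVC msg=audit(1230466726.28:154): avc:  denied  { add_name } for  pid=4443 comm="sendmail" name="dead.letter" scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir',
    'node=frank01.frankly3d.local type=SYSCALL msg=audit(1230466726.28:154): arch=40000003 syscall=5 success=no exit=-13 a0=97312d0 a1=441 a2=1b6 a3=440 items=0 ppid=4311 pid=4443 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sendmail" exe="/usr/sbin/ssmtp" subj=system_u:system_r:logwatch_t:s0 key=(null)',
]

EVENT_RE = re.compile(r'type=(\w+) msg=audit\(([\d.]+:\d+)\):')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS_RE = re.compile(r'\{ ([^}]*)\}')

def parse_events(lines):
    """Group audit records by event id (timestamp:serial) and merge their fields."""
    events = {}
    for line in lines:
        m = EVENT_RE.search(line)
        if not m:
            continue
        rtype, event_id = m.groups()
        ev = events.setdefault(event_id, {"types": []})
        ev["types"].append(rtype)
        for key, value in FIELD_RE.findall(line[m.end():]):
            ev.setdefault(key, value.strip('"'))
        perms = PERMS_RE.search(line)
        if rtype == "AVC" and perms:
            ev["perms"] = perms.group(1).split()
    return events

def domain(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def missing_transition(ev, expected="system_mail_t"):
    """Assumed rule: a process invoked as sendmail should run in `expected`."""
    return ev.get("comm") == "sendmail" and domain(ev["scontext"]) != expected

def summarize(ev):
    """Condense one merged event into the fields needed for triage."""
    return {"exe": ev.get("exe"), "source": domain(ev["scontext"]),
            "target": domain(ev["tcontext"]), "tclass": ev["tclass"],
            "perms": ev["perms"], "missing_transition": missing_transition(ev)}
```

The SYSCALL record supplies the real executable (/usr/sbin/ssmtp) behind the sendmail command name, which is the file whose label the reply asks to see with ls -lZ.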



