yum-cron fails trying to mail a temporary file
Vadym Chepkov
chepkov at yahoo.com
Sat Jan 24 15:18:10 UTC 2009
I got an interesting denial which took me a bit to figure out.
type=AVC msg=audit(1232788787.310:1787): avc: denied { read } for pid=9836 comm="mail" path="/var/run/yum-cron.EHQJws" dev=dm-3 ino=77843 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_var_run_t:s0 tclass=file
It comes from the yum-cron package. What happens is that a script starts from cron and creates a temporary file, which inherits the directory's security context. Later it mails it using redirection syntax:
"mail $MAILTO < $YUMTMP"
mailx transitions to system_mail_t and is denied read access to this temporary file.
I don't think this is the only script with similar logic, and I suspect some other directory needs to be used, but I didn't find any suitable one in sources/sendmail.fc. Before I create a new type/directory, I would like to know whether there is a more proper way to handle cases like this.
Thank you.
Sincerely yours,
Vadym Chepkov
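
Added example, not part of the original post: a small Python parser that splits the quoted AVC record into source domain, target type, object class and permission, which are the fields needed to see why the read was refused. The function names are hypothetical; the sample record is the one from the message.

```python
import re

# The denial quoted in the post, copied from the message.
AVC = ('type=AVC msg=audit(1232788787.310:1787): avc: denied { read } for pid=9836 '
       'comm="mail" path="/var/run/yum-cron.EHQJws" dev=dm-3 ino=77843 '
       'scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 '
       'tcontext=system_u:object_r:rpm_var_run_t:s0 tclass=file')

AVC_RE = re.compile(r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value optionally quoted


def parse_context(ctx):
    """Split user:role:type[:mls-range]; the MLS range may itself contain colons."""
    user, role, setype, *level = ctx.split(':', 3)
    return {'user': user, 'role': role, 'type': setype,
            'level': level[0] if level else None}


def parse_avc(line):
    """Return the fields of one AVC record, or None if the line is not an AVC message."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    return {
        'result': m.group('result'),
        'perms': m.group('perms').split(),
        'comm': fields.get('comm'),
        'path': fields.get('path'),
        'tclass': fields.get('tclass'),
        'source': parse_context(fields['scontext']),  # domain of the process
        'target': parse_context(fields['tcontext']),  # label on the object
    }


def summarize(rec):
    """One line: which domain was refused which access to which labeled object."""
    return '{} in domain {} was {} {{ {} }} on {} {} labeled {}'.format(
        rec['comm'], rec['source']['type'], rec['result'], ' '.join(rec['perms']),
        rec['tclass'], rec['path'], rec['target']['type'])


if __name__ == '__main__':
    print(summarize(parse_avc(AVC)))
```
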