procmail-related selinux messages

Russell Coker russell at coker.com.au
Mon Apr 12 08:47:52 UTC 2004


On Mon, 12 Apr 2004 02:23, Thomas Molina <tmolina at cablespeed.com> wrote:
> I made a fresh install of Fedora Core 2 test 2, and fully updated
> everything.  All the files have been relabeled and most/all of my normal
> programs are set up for the new environment.
>
> I am running this on an A7V133 with an AthlonXP 2100 CPU.
>
> On this system I run fetchmail as a daemon.  Mail is delivered using
> sendmail with procmail recipes.  I would like to adjust policy to deal
> with the following messages whenever mail is retrieved.
>
> Apr 11 11:51:52 dad kernel: audit(1081698712.748:0): avc:  denied  {
> search } for  pid=2915 exe=/usr/bin/procmail name=mqueue dev=hda1
> ino=819317 scontext=system_u:system_r:procmail_t
> tcontext=system_u:object_r:mqueue_spool_t tclass=dir

Why would procmail want to access /var/spool/mqueue?  Unless that happens to 
be the current directory at the time sendmail exec's procmail I can't think 
of any reason for procmail to want access to it.

> Apr 11 11:51:52 dad kernel: audit(1081698712.749:0): avc:  denied  { write
> } for  pid=2915 exe=/usr/bin/procmail name=mqueue dev=hda1 ino=819317
> scontext=system_u:system_r:procmail_t
> tcontext=system_u:object_r:mqueue_spool_t tclass=dir

This seems bogus to me.  I don't think that this is right at all.  I welcome 
input from a Sendmail expert, but I can't imagine how it can be good for 
procmail to create files in the Sendmail queue directory.


PS  Jens, he is running in permissive mode.  If in enforcing mode, denying 
"search" and "write" access to the directory would prevent creating a file, 
and you would not see any messages such as the one below:

> Apr 11 11:51:52 dad kernel: audit(1081698712.749:0): avc:  denied  { 
> create } for  pid=2915 exe=/usr/bin/procmail name=_jt.YmWeAB.dad 
> scontext=system_u:system_r:procmail_t 
> tcontext=system_u:object_r:mqueue_spool_t tclass=file

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
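
Added example, not part of the original message: a small parser that groups the three quoted denials by source type, target type and class, and applies the reasoning from the PS as a heuristic for spotting permissive mode. The function names are hypothetical and the sample input is the three log lines quoted above, rejoined onto single lines.

```python
import re
from collections import defaultdict

# The three denials quoted in the message, rejoined onto single lines.
SAMPLE_LOG = """\
Apr 11 11:51:52 dad kernel: audit(1081698712.748:0): avc:  denied  { search } for  pid=2915 exe=/usr/bin/procmail name=mqueue dev=hda1 ino=819317 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:mqueue_spool_t tclass=dir
Apr 11 11:51:52 dad kernel: audit(1081698712.749:0): avc:  denied  { write } for  pid=2915 exe=/usr/bin/procmail name=mqueue dev=hda1 ino=819317 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:mqueue_spool_t tclass=dir
Apr 11 11:51:52 dad kernel: audit(1081698712.749:0): avc:  denied  { create } for  pid=2915 exe=/usr/bin/procmail name=_jt.YmWeAB.dad scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:mqueue_spool_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")

def parse_avc(line):
    """Return a dict of fields for one AVC denial line, or None otherwise."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    rec["perms"] = m.group(1).split()
    return rec

def summarize(log):
    """Map (source type, target type, class) to the set of denied permissions."""
    summary = defaultdict(set)
    for rec in filter(None, map(parse_avc, log.splitlines())):
        key = (rec["scontext"].split(":")[2],
               rec["tcontext"].split(":")[2],
               rec["tclass"])
        summary[key].update(rec["perms"])
    return dict(summary)

def looks_permissive(log):
    """Heuristic: a pid that was denied 'search' on a directory type and is
    then denied 'create' on a file of the same type was not actually stopped
    at the directory, so the denials were only logged."""
    recs = [r for r in map(parse_avc, log.splitlines()) if r]
    dirs = {(r["pid"], r["tcontext"]) for r in recs
            if r["tclass"] == "dir" and "search" in r["perms"]}
    return any(r["tclass"] == "file" and "create" in r["perms"]
               and (r["pid"], r["tcontext"]) in dirs for r in recs)

if __name__ == "__main__":
    for key, perms in summarize(SAMPLE_LOG).items():
        print(key, sorted(perms))
    print("permissive mode suspected:", looks_permissive(SAMPLE_LOG))
```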




