Two SELINUX Problems with YP

Thomas J. Baker tjb at unh.edu
Mon May 23 15:13:45 UTC 2005


Bugzilla keeps giving me blank pages when I try to submit a bug so I
thought I'd get these out here at least. SELinux is blocking dovecot and
saslauthd from authenticating yp users. The audit log looks like this:

type=SYSCALL msg=audit(1116857414.990:8599907): syscall=2 arch=c000003e success=no exit=-13 a0=7fffff875a10 a1=0 a2=15 a3=2aaaab38f9c0 items=1 pid=7267 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm=dovecot-auth exe=/usr/libexec/dovecot/dovecot-auth
type=PATH msg=audit(1116857414.990:8599907): item=0 name="/var/yp/binding/rcc.2" inode=1933353 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1116857414.990:8599914): avc:  denied  { create } for  scontext=root:system_r:dovecot_auth_t tcontext=root:system_r:dovecot_auth_t tclass=tcp_socket
type=SYSCALL msg=audit(1116857414.990:8599914): syscall=41 arch=c000003e success=no exit=-13 a0=2 a1=1 a2=6 a3=4 items=0 pid=7267 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm=dovecot-auth exe=/usr/libexec/dovecot/dovecot-auth
type=AVC msg=audit(1116857414.990:8599917): avc:  denied  { create } for  scontext=root:system_r:dovecot_auth_t tcontext=root:system_r:dovecot_auth_t tclass=tcp_socket
type=SYSCALL msg=audit(1116857414.990:8599917): syscall=41 arch=c000003e success=no exit=-13 a0=2 a1=1 a2=6 a3=4 items=0 pid=7267 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm=dovecot-auth exe=/usr/libexec/dovecot/dovecot-auth
type=AVC msg=audit(1116857414.991:8599934): avc:  denied  { search } for  name=yp dev=dm-0 ino=1933353 scontext=root:system_r:dovecot_auth_t tcontext=system_u:object_r:var_yp_t tclass=dir
type=SYSCALL msg=audit(1116857414.991:8599934): syscall=2 arch=c000003e success=no exit=-13 a0=7fffff875950 a1=0 a2=15 a3=0 items=1 pid=7267 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm=dovecot-auth exe=/usr/libexec/dovecot/dovecot-auth
type=PATH msg=audit(1116857414.991:8599934): item=0 name="/var/yp/binding/rcc.2" inode=1933353 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1116857414.991:8599947): avc:  denied  { create } for  scontext=root:system_r:dovecot_auth_t tcontext=root:system_r:dovecot_auth_t tclass=tcp_socket
type=SYSCALL msg=audit(1116857414.991:8599947): syscall=41 arch=c000003e success=no exit=-13 a0=2 a1=1 a2=6 a3=4 items=0 pid=7267 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm=dovecot-auth exe=/usr/libexec/dovecot/dovecot-auth
type=AVC msg=audit(1116857414.991:8599949): avc:  denied  { create } for  scontext=root:system_r:dovecot_auth_t tcontext=root:system_r:dovecot_auth_t tclass=tcp_socket
type=SYSCALL msg=audit(1116857414.991:8599949): syscall=41 arch=c000003e success=no exit=-13 a0=2 a1=1 a2=6 a3=4 items=0 pid=7267 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm=dovecot-auth exe=/usr/libexec/dovecot/dovecot-auth
type=AVC msg=audit(1116857427.100:8619891): avc:  denied  { search } for  name=yp dev=dm-0 ino=1933353 scontext=root:system_r:dovecot_auth_t tcontext=system_u:object_r:var_yp_t tclass=dir
type=SYSCALL msg=audit(1116857427.100:8619891): syscall=2 arch=c000003e success=no exit=-13 a0=7fffff875a10 a1=0 a2=15 a3=2aaaab38f9c0 items=1 pid=7277 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm=dovecot-auth exe=/usr/libexec/dovecot/dovecot-auth
type=PATH msg=audit(1116857427.100:8619891): item=0 name="/var/yp/binding/rcc.2" inode=1933353 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1116857427.100:8619892): avc:  denied  { create } for  scontext=root:system_r:dovecot_auth_t tcontext=root:system_r:dovecot_auth_t tclass=tcp_socket
type=SYSCALL msg=audit(1116857427.100:8619892): syscall=41 arch=c000003e success=no exit=-13 a0=2 a1=1 a2=6 a3=4 items=0 pid=7277 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm=dovecot-auth exe=/usr/libexec/dovecot/dovecot-auth
type=AVC msg=audit(1116857427.100:8619895): avc:  denied  { create } for  scontext=root:system_r:dovecot_auth_t tcontext=root:system_r:dovecot_auth_t tclass=tcp_socket
type=SYSCALL msg=audit(1116857427.100:8619895): syscall=41 arch=c000003e success=no exit=-13 a0=2 a1=1 a2=6 a3=4 items=0 pid=7277 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm=dovecot-auth exe=/usr/libexec/dovecot/dovecot-auth
type=AVC msg=audit(1116857427.100:8619906): avc:  denied  { search } for  name=yp dev=dm-0 ino=1933353 scontext=root:system_r:dovecot_auth_t tcontext=system_u:object_r:var_yp_t tclass=dir
type=SYSCALL msg=audit(1116857427.100:8619906): syscall=2 arch=c000003e success=no exit=-13 a0=7fffff875950 a1=0 a2=15 a3=0 items=1 pid=7277 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm=dovecot-auth exe=/usr/libexec/dovecot/dovecot-auth
type=PATH msg=audit(1116857427.100:8619906): item=0 name="/var/yp/binding/rcc.2" inode=1933353 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1116857427.100:8619907): avc:  denied  { create } for  scontext=root:system_r:dovecot_auth_t tcontext=root:system_r:dovecot_auth_t tclass=tcp_socket
type=SYSCALL msg=audit(1116857427.100:8619907): syscall=41 arch=c000003e success=no exit=-13 a0=2 a1=1 a2=6 a3=4 items=0 pid=7277 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm=dovecot-auth exe=/usr/libexec/dovecot/dovecot-auth
type=AVC msg=audit(1116857427.100:8619909): avc:  denied  { create } for  scontext=root:system_r:dovecot_auth_t tcontext=root:system_r:dovecot_auth_t tclass=tcp_socket
type=SYSCALL msg=audit(1116857427.100:8619909): syscall=41 arch=c000003e success=no exit=-13 a0=2 a1=1 a2=6 a3=4 items=0 pid=7277 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm=dovecot-auth exe=/usr/libexec/dovecot/dovecot-auth

I'll try to submit bugs again later.

tjb
-- 
=======================================================================
| Thomas Baker                                  email: tjb at unh.edu    |
| Systems Programmer                                                  |
| Research Computing Center                     voice: (603) 862-4490 |
| University of New Hampshire                     fax: (603) 862-1761 |
| 332 Morse Hall                                                      |
| Durham, NH 03824 USA              http://wintermute.sr.unh.edu/~tjb |
=======================================================================
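
Added example, not part of the original post: a small triage script that groups audit records like those in the log above by event serial number and collapses the repeats into distinct denials (process, source type, target type, class, permission). The embedded sample is abridged from the post's log, and the function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Abridged records from the log in the post (SYSCALL/PATH fields trimmed to those used here).
SAMPLE = """\
type=AVC msg=audit(1116857414.990:8599914): avc:  denied  { create } for  scontext=root:system_r:dovecot_auth_t tcontext=root:system_r:dovecot_auth_t tclass=tcp_socket
type=SYSCALL msg=audit(1116857414.990:8599914): syscall=41 arch=c000003e success=no exit=-13 pid=7267 comm=dovecot-auth exe=/usr/libexec/dovecot/dovecot-auth
type=AVC msg=audit(1116857414.991:8599934): avc:  denied  { search } for  name=yp dev=dm-0 ino=1933353 scontext=root:system_r:dovecot_auth_t tcontext=system_u:object_r:var_yp_t tclass=dir
type=SYSCALL msg=audit(1116857414.991:8599934): syscall=2 arch=c000003e success=no exit=-13 pid=7267 comm=dovecot-auth exe=/usr/libexec/dovecot/dovecot-auth
type=PATH msg=audit(1116857414.991:8599934): item=0 name="/var/yp/binding/rcc.2" inode=1933353 dev=fd:00 mode=040755
type=AVC msg=audit(1116857427.100:8619892): avc:  denied  { create } for  scontext=root:system_r:dovecot_auth_t tcontext=root:system_r:dovecot_auth_t tclass=tcp_socket
type=SYSCALL msg=audit(1116857427.100:8619892): syscall=41 arch=c000003e success=no exit=-13 pid=7277 comm=dovecot-auth exe=/usr/libexec/dovecot/dovecot-auth
"""

HEADER = re.compile(r"type=(\w+) msg=audit\([\d.]+:(\d+)\):\s*(.*)")
AVC = re.compile(r"avc:\s+denied\s+\{ ([^}]*)\} for\s+(.*)")
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def fields(text):
    return {k: v.strip('"') for k, v in KV.findall(text)}

def summarize(log):
    """Group records by audit event serial, then count each distinct denial."""
    events = defaultdict(dict)
    for line in log.splitlines():
        m = HEADER.match(line)
        if m:
            rtype, serial, body = m.groups()
            events[serial][rtype] = body
    counts, paths = Counter(), defaultdict(set)
    for ev in events.values():
        avc = AVC.match(ev.get("AVC", ""))
        if not avc:
            continue  # SYSCALL/PATH record whose AVC is missing from the excerpt
        perms, kv = avc.group(1).split(), fields(avc.group(2))
        comm = fields(ev.get("SYSCALL", "")).get("comm", "?")
        # Keep only the SELinux type (third field of user:role:type)
        key = (comm, kv["scontext"].split(":")[2], kv["tcontext"].split(":")[2],
               kv["tclass"], tuple(perms))
        counts[key] += 1
        if "PATH" in ev:
            paths[key].add(fields(ev["PATH"]).get("name", "?"))
    return counts, paths

if __name__ == "__main__":
    counts, paths = summarize(SAMPLE)
    for key, n in counts.items():
        print(n, *key, sorted(paths[key]))
```

On the sample this reduces the records to two distinct denials for dovecot-auth: `create` on its own `tcp_socket`, and `search` on a `var_yp_t` directory reached via `/var/yp/binding/rcc.2`.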



