08-24-2008, 03:13 AM
Brian Chadwick

Postfix, /root/.forward, SELinux, F9, Strange AVC

Hi All.

Well, I have scoured the docs and can't find anything that looks like the
problem I am having here.


I have a .forward file in /root .. Mail to root should divert to my user
account, but SELinux stops Postfix from doing so. If I set SELinux to
permissive, then it works, but of course logs the same AVC.
SETroubleshooter says to restorecon -R './root' ... ./root is a relative
path ... so what does this mean? It doesn't work.


[root@admin ~]# restorecon -R -v './root'
restorecon: stat error on ./root: No such file or directory
[root@admin ~]#

.forward File Context:

[root@admin ~]# ls -Z /root/.forward
-rw-r--r-- root root unconfined_u:object_r:admin_home_t:s0 /root/.forward
[root@admin ~]#

Postfix Booleans:

getsebool -a | grep post
allow_postfix_local_write_mail_spool --> on
allow_user_postgresql_connect --> off
[root@admin ~]#

Raw Audit Messages :

host=admin.brianac.com.au type=AVC msg=audit(1219546087.579:2125): avc:
denied { search } for pid=26716 comm="local" name="root" dev=dm-7
ino=63489 scontext=system_u:system_r:postfix_local_t:s0
tcontext=system_u:object_r:admin_home_t:s0 tclass=dir


host=admin.brianac.com.au type=SYSCALL msg=audit(1219546087.579:2125):
arch=40000003 syscall=196 success=no exit=-13 a0=b8079568 a1=bfe2b844
a2=7dfff4 a3=0 items=0 ppid=3274 pid=26716 auid=4294967295 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
comm="local" exe="/usr/libexec/postfix/local"
subj=system_u:system_r:postfix_local_t:s0 key=(null)


Output from Troubleshooter:

Summary

SELinux is preventing the local from using potentially mislabeled files
(./root).


Detailed Description

SELinux has denied local access to potentially mislabeled file(s)
(./root). This means that SELinux will not allow local to use these
files. It is common for users to edit files in their home directory or
tmp directories and then move (mv) them to system directories. The
problem is that the files end up with the wrong file context which
confined applications are not allowed to access.


Allowing Access

If you want local to access this files, you need to relabel them using
restorecon -v './root'. You might want to relabel the entire directory
using restorecon -R -v './root'.


Additional Information

Source Context: system_u:system_r:postfix_local_t:s0
Target Context: system_u:object_r:admin_home_t:s0
Target Objects: ./root [ dir ]
Source: local
Source Path: /usr/libexec/postfix/local
Port: <Unknown>
Host: admin.brianac.com.au
Source RPM Packages: postfix-2.5.1-2.fc9
Target RPM Packages: filesystem-2.4.13-1.fc9
Policy RPM: selinux-policy-3.3.1-84.fc9
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: home_tmp_bad_labels
Host Name: admin.brianac.com.au
Platform: Linux admin.brianac.com.au 2.6.25.14-108.fc9.i686 #1 SMP Mon Aug

Troubleshooter says to restorecon for ./root. What is this? .. That is a
relative path, not a full path.


Can anyone help decipher this AVC and provide a fix?

Cheers and Beers

Brian

--
Political Correctness is a doctrine, fostered by a delusional, illogical minority, and rabidly promoted by an unscrupulous mainstream media, which holds forth the proposition that it is entirely possible to pick up a turd by the clean end.

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
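
Added example, not part of the original thread: a small Python parser that deciphers the AVC record quoted in the first post, showing that the `local` process in domain `postfix_local_t` was denied `search` on a directory named `root` labelled `admin_home_t`. The sample record is copied from the post with its contexts written in full `user:role:type:level` form; the function names are this example's own.

```python
import re

# AVC record from the post above, with the SELinux contexts written out in
# full user:role:type:level form (the archived copy lost some characters).
SAMPLE_AVC = (
    'type=AVC msg=audit(1219546087.579:2125): avc: denied { search } for '
    'pid=26716 comm="local" name="root" dev=dm-7 ino=63489 '
    'scontext=system_u:system_r:postfix_local_t:s0 '
    'tcontext=system_u:object_r:admin_home_t:s0 tclass=dir'
)

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def split_context(ctx):
    """Split user:role:type[:level]; the level may itself contain colons."""
    parts = ctx.split(':', 3)
    if len(parts) < 3:
        raise ValueError('not an SELinux context: %r' % ctx)
    return dict(zip(('user', 'role', 'type', 'level'), parts))


def parse_avc(line):
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError('no AVC decision in record')
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
    return {
        'decision': m.group(1),
        'perms': m.group(2).split(),
        'fields': fields,
        'source': split_context(fields['scontext']),
        'target': split_context(fields['tcontext']),
        'tclass': fields['tclass'],
        # True only when the kernel logged an absolute path= for the object.
        'has_full_path': 'path' in fields,
    }


def explain(avc):
    f = avc['fields']
    obj = f.get('path') or f.get('name', '?')
    return ('%s: process "%s" in domain %s wanted {%s} on %s "%s" labelled %s'
            % (avc['decision'], f.get('comm', '?'), avc['source']['type'],
               ' '.join(avc['perms']), avc['tclass'], obj,
               avc['target']['type']))


if __name__ == '__main__':
    print(explain(parse_avc(SAMPLE_AVC)))
```

`has_full_path` is false for this record because it logs only `name="root"`, a directory-entry name, with no `path=` field.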
 
08-24-2008, 06:55 AM
Nifty Fedora Mitch

Postfix, /root/.forward, SELinux, F9, Strange AVC

On Sun, Aug 24, 2008 at 01:13:11PM +1000, Brian Chadwick wrote:
>
> Well, I have scoured the docs and can't find anything that looks like the
> problem I am having here.
>
> I have a .forward file in /root .. Mail to root should divert to my user
> account, but SELinux stops Postfix from doing so. If I set SELinux to
> permissive, then it works, but of course logs the same AVC.
> SETroubleshooter says to restorecon -R './root' ... ./root is a relative
> path ... so what does this mean? It doesn't work.
>

Since this is root, just fix the alias for root.
Look for the two lines in /etc/aliases that look like
these, then add a third that looks like the third.


# Person who should get root's mail
#root: marc
root: brianchad@westnet.com.au

The .forward thing has been a thorn to a lot of systems
so expect to have to read the documentation and more....



--
T o m M i t c h e l l
Got a great hat... now what.

All times are GMT.