01-19-2008, 09:14 PM
Gene Heskett

procmail revisited, and now squid

Greetings;

The last policy update didn't fix my procmail problems yet, in fact it made
them worse cuz now I'm getting failure messages in its logfile that I wasn't
before.
procmail, setroubleshoot output:
Source Context: system_u:system_r:procmail_t:s0
Target Context: unconfined_u:object_r:var_log_t:s0
Target Objects: None [ file ]
Affected RPM Packages: procmail-3.22-20.fc8 [application]
Policy RPM: selinux-policy-3.0.8-74.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: plugins.mislabeled_file
Host Name: coyote.coyote.den
Platform: Linux coyote.coyote.den 2.6.24-rc8 #2 SMP Wed Jan 16 22:47:57 EST
2008 i686 athlon
Alert Count: 3
First Seen: Sat 19 Jan 2008 01:50:20 AM EST
Last Seen: Sat 19 Jan 2008 05:09:16 AM EST
Local ID: 3114f17d-0dc1-4453-ad4c-3b3548003cc4
Line Numbers: Raw
Audit Messages :
avc: denied { append } for comm=procmail dev=dm-0 egid=500 euid=500
exe=/usr/bin/procmail exit=-13 fsgid=500 fsuid=500 gid=500 items=0
name=procmail.log pid=10138 scontext=system_u:system_r:procmail_t:s0 sgid=0
subj=system_u:system_r:procmail_t:s0 suid=500 tclass=file
tcontext=unconfined_u:object_r:var_log_t:s0 tty=(none) uid=500

I note that the Last Seen time is before I did an autorelabel this morning.

And now, trying to setup squid, I'm failing that:

Source Context: system_u:system_r:squid_t:s0
Target Context: system_u:object_r:var_spool_t:s0
Target Objects: None [ dir ]
Affected RPM Packages: squid-2.6.STABLE17-1.fc8 [application]
Policy RPM: selinux-policy-3.0.8-74.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: plugins.mislabeled_file
Host Name: coyote.coyote.den
Platform: Linux coyote.coyote.den 2.6.24-rc8 #2 SMP Wed Jan 16 22:47:57 EST
2008 i686 athlon
Alert Count: 3
First Seen: Sat 19 Jan 2008 02:29:31 PM EST
Last Seen: Sat 19 Jan 2008 04:43:50 PM EST
Local ID: 1eb62793-1368-45b9-b0c0-c117f10dafd4
Line Numbers: Raw
Audit Messages :
avc: denied { write } for comm=squid dev=dm-0 egid=23 euid=23
exe=/usr/sbin/squid exit=-13 fsgid=23 fsuid=23 gid=23 items=0 name=squid
pid=17099 scontext=system_u:system_r:squid_t:s0 sgid=23
subj=system_u:system_r:squid_t:s0 suid=0 tclass=dir
tcontext=system_u:object_r:var_spool_t:s0 tty=pts9 uid=23

For squid, I hand made its parent /var/spool/squid dir, and chowned it to
squid:squid but the exact same failure occurs as it is trying to setup its
cache dirs within that dir, so I gave it up. Its logs gets a new stanza of
this:

squid: ERROR: No running copy
2008/01/19 14:29:31| Creating Swap Directories
FATAL: Failed to make swap directory /var/spool/squid/00: (13) Permission
denied
Squid Cache (Version 2.6.STABLE17): Terminated abnormally.
CPU Usage: 0.001 seconds = 0.001 user + 0.000 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0

for everytime I attempt a 'service squid start'

Can we make these work please? setroubleshooter's suggestions about running
restorecon are rather worthless without the rest of the command line as an
example cuz I have NDI what the file should be relabeled as.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
In my experience, if you have to keep the lavatory door shut by extending
your left leg, it's modern architecture.
-- Nancy Banks Smith

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
01-21-2008, 11:24 AM
Paul Howarth

procmail revisited, and now squid

Gene Heskett wrote:

Greetings;

The last policy update didn't fix my procmail problems yet, in fact it made
them worse cuz now I'm getting failure messages in its logfile that I wasn't
before.

procmail, setroubleshoot output:
Source Context: system_u:system_r:procmail_t:s0
Target Context: unconfined_u:object_r:var_log_t:s0
Target Objects: None [ file ]
Affected RPM Packages: procmail-3.22-20.fc8 [application]
Policy RPM: selinux-policy-3.0.8-74.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: plugins.mislabeled_file
Host Name: coyote.coyote.den
Platform: Linux coyote.coyote.den 2.6.24-rc8 #2 SMP Wed Jan 16 22:47:57 EST
2008 i686 athlon

Alert Count: 3
First Seen: Sat 19 Jan 2008 01:50:20 AM EST
Last Seen: Sat 19 Jan 2008 05:09:16 AM EST
Local ID: 3114f17d-0dc1-4453-ad4c-3b3548003cc4
Line Numbers: Raw
Audit Messages :
avc: denied { append } for comm=procmail dev=dm-0 egid=500 euid=500
exe=/usr/bin/procmail exit=-13 fsgid=500 fsuid=500 gid=500 items=0
name=procmail.log pid=10138 scontext=system_u:system_r:procmail_t:s0 sgid=0
subj=system_u:system_r:procmail_t:s0 suid=500 tclass=file
tcontext=unconfined_u:object_r:var_log_t:s0 tty=(none) uid=500


I note that the Last Seen time is before I did an autorelabel this morning.


Try running "restorecon -v procmail.log" (which is presumably in /var/log)


And now, trying to setup squid, I'm failing that:

Source Context: system_u:system_r:squid_t:s0
Target Context: system_u:object_r:var_spool_t:s0
Target Objects: None [ dir ]
Affected RPM Packages: squid-2.6.STABLE17-1.fc8 [application]
Policy RPM: selinux-policy-3.0.8-74.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: plugins.mislabeled_file
Host Name: coyote.coyote.den
Platform: Linux coyote.coyote.den 2.6.24-rc8 #2 SMP Wed Jan 16 22:47:57 EST
2008 i686 athlon

Alert Count: 3
First Seen: Sat 19 Jan 2008 02:29:31 PM EST
Last Seen: Sat 19 Jan 2008 04:43:50 PM EST
Local ID: 1eb62793-1368-45b9-b0c0-c117f10dafd4
Line Numbers: Raw
Audit Messages :
avc: denied { write } for comm=squid dev=dm-0 egid=23 euid=23
exe=/usr/sbin/squid exit=-13 fsgid=23 fsuid=23 gid=23 items=0 name=squid
pid=17099 scontext=system_u:system_r:squid_t:s0 sgid=23
subj=system_u:system_r:squid_t:s0 suid=0 tclass=dir
tcontext=system_u:object_r:var_spool_t:s0 tty=pts9 uid=23

For squid, I hand made its parent /var/spool/squid dir, and chowned it to
squid:squid but the exact same failure occurs as it is trying to setup its
cache dirs within that dir, so I gave it up. Its logs gets a new stanza of
this:


squid: ERROR: No running copy
2008/01/19 14:29:31| Creating Swap Directories
FATAL: Failed to make swap directory /var/spool/squid/00: (13) Permission
denied

Squid Cache (Version 2.6.STABLE17): Terminated abnormally.
CPU Usage: 0.001 seconds = 0.001 user + 0.000 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0

for everytime I attempt a 'service squid start'

Can we make these work please? setroubleshooter's suggestions about running
restorecon are rather worthless without the rest of the command line as an
example cuz I have NDI what the file should be relabeled as.


restorecon -rv /var/spool/squid

It should be squid_cache_t

Paul.
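
How to read the squid denial from this thread and arrive at the restorecon line Paul gives, as an added example that is not part of the original messages: the sketch parses a line-wrapped AVC record into who was denied what on which label, then lists the commands that compare the on-disk label with the policy default before resetting it. The function names are hypothetical, the sample record is constructed from the denial quoted above, and the path is supplied by the administrator because the AVC carries only the last name component.

```python
import re
import shlex

# Constructed sample: the squid denial from this thread, wrapped as setroubleshoot prints it.
SAMPLE_AVC = """avc: denied { write } for comm=squid dev=dm-0 egid=23 euid=23
exe=/usr/sbin/squid exit=-13 fsgid=23 fsuid=23 gid=23 items=0 name=squid
pid=17099 scontext=system_u:system_r:squid_t:s0 sgid=23
subj=system_u:system_r:squid_t:s0 suid=0 tclass=dir
tcontext=system_u:object_r:var_spool_t:s0 tty=pts9 uid=23"""

def split_context(ctx):
    """Split user:role:type:level; the level may itself contain ':' (MLS ranges)."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError("malformed SELinux context: %r" % ctx)
    return dict(zip(("user", "role", "type", "level"), parts))

def parse_avc(text):
    """Parse one (possibly line-wrapped) AVC denial into its fields."""
    flat = " ".join(text.split())  # undo the line wrapping
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)", flat)
    if not m:
        raise ValueError("not an AVC denial")
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    return {
        "perms": m.group(1).split(),
        "comm": fields.get("comm", "").strip('"'),
        "name": fields.get("name", "").strip('"'),
        "tclass": fields["tclass"],
        "source": split_context(fields["scontext"]),
        "target": split_context(fields["tcontext"]),
    }

def summarize(denial):
    """One-line reading of the denial: domain, permission, object class and label."""
    return "%s (%s) was denied {%s} on %s '%s' labeled %s" % (
        denial["comm"], denial["source"]["type"], " ".join(denial["perms"]),
        denial["tclass"], denial["name"], denial["target"]["type"])

def relabel_plan(denial, path):
    """Commands to compare the on-disk label with the policy default, then reset it.
    `path` is an assumption supplied by the admin; it is not in the AVC record."""
    q = shlex.quote(path)
    recurse = "-rv" if denial["tclass"] == "dir" else "-v"
    return ["ls -dZ " + q, "matchpathcon " + q, "restorecon %s %s" % (recurse, q)]

if __name__ == "__main__":
    d = parse_avc(SAMPLE_AVC)
    print(summarize(d))
    print("\n".join(relabel_plan(d, "/var/spool/squid")))
```

`ls -dZ` shows the label the directory carries now and `matchpathcon` shows the label the loaded policy assigns to that path; when the two differ, `restorecon` applies the policy's label.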
