FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 02-03-2008, 02:49 AM
David Timms
 
Default sendmail avc's - on a system upgraded from f7 to f8 - in

AFAICS, I haven't made any configs to sendmail, yet I've started to get
lots of AVC warnings in setroubleshoot, of three particular types:

1:========
Summary
SELinux is preventing the /usr/sbin/sendmail.sendmail from using
potentially mislabeled files (<Unknown>).

Detailed Description
SELinux has denied /usr/sbin/sendmail.sendmail access to potentially
mislabeled file(s) (<Unknown>). This means that SELinux will not allow
/usr/sbin/sendmail.sendmail to use these files. It is common for users
to edit files in their home directory or tmp directories and then move
(mv) them to system directories. The problem is that the files end up
with the wrong file context which confined applications are not allowed
to access.

Allowing Access
If you want /usr/sbin/sendmail.sendmail to access this files, you need
to relabel them using restorecon -v <Unknown>. You might want to relabel
the entire directory using restorecon -R -v <Unknown>.

Additional Information

Source Context system_u:system_r:sendmail_t
Target Context unconfined_ubject_r:rpm_script_tmp_t
Target Objects None [ file ]
Affected RPM Packages sendmail-8.14.2-1.fc8 [application]
Policy RPM selinux-policy-3.0.8-81.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.home_tmp_bad_labels
Host Name davidtdesktop
Platform Linux davidtdesktop 2.6.23.14-107.fc8 #1
SMP Mon
Jan 14 21:37:30 EST 2008 i686 athlon
Alert Count 52
First Seen Mon 28 Jan 2008 18:32:36 EST
Last Seen Sun 03 Feb 2008 14:31:08 EST
Local ID e5d4104c-605b-473f-aa9a-0bc219636676
Line Numbers

Raw Audit Messages

avc: denied { read } for comm=sendmail dev=dm-0 egid=51 euid=51
exe=/usr/sbin/sendmail.sendmail exit=-13 fsgid=51 fsuid=51 gid=51 items=0
name=services pid=4791 scontext=system_u:system_r:sendmail_t:s0 sgid=51
subj=system_u:system_r:sendmail_t:s0 suid=51 tclass=file
tcontext=unconfined_ubject_r:rpm_script_tmp_t:s0 tty=(none) uid=51

2:=====
Summary
SELinux is preventing the /usr/sbin/sendmail.sendmail from using
potentially mislabeled files (<Unknown>).

Detailed Description
SELinux has denied /usr/sbin/sendmail.sendmail access to potentially
mislabeled file(s) (<Unknown>). This means that SELinux will not allow
/usr/sbin/sendmail.sendmail to use these files. It is common for users
to edit files in their home directory or tmp directories and then move
(mv) them to system directories. The problem is that the files end up
with the wrong file context which confined applications are not allowed
to access.

Allowing Access
If you want /usr/sbin/sendmail.sendmail to access this files, you need
to relabel them using restorecon -v <Unknown>. You might want to relabel
the entire directory using restorecon -R -v <Unknown>.

Additional Information

Source Context system_u:system_r:system_mail_t:SystemLow-
SystemHigh
Target Context unconfined_ubject_r:rpm_script_tmp_t
Target Objects None [ file ]
Affected RPM Packages sendmail-8.14.2-1.fc8 [application]
Policy RPM selinux-policy-3.0.8-81.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.home_tmp_bad_labels
Host Name davidtdesktop
Platform Linux davidtdesktop 2.6.23.14-107.fc8 #1
SMP Mon
Jan 14 21:37:30 EST 2008 i686 athlon
Alert Count 21
First Seen Mon 28 Jan 2008 00:00:02 EST
Last Seen Sun 03 Feb 2008 12:00:01 EST
Local ID 61f52ef3-2fca-4607-ade4-b8e117ca7a06
Line Numbers

Raw Audit Messages

avc: denied { read } for comm=sendmail dev=dm-0 egid=51 euid=51
exe=/usr/sbin/sendmail.sendmail exit=-13 fsgid=51 fsuid=51 gid=51 items=0
name=services pid=4402
scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023
sgid=51 subj=system_u:system_r:system_mail_t:s0-s0:c0.c1023 suid=51
tclass=file
tcontext=unconfined_ubject_r:rpm_script_tmp_t:s0 tty=(none) uid=51

3:======
Summary
SELinux is preventing the /usr/sbin/sendmail.sendmail from using
potentially mislabeled files (<Unknown>).

Detailed Description
SELinux has denied /usr/sbin/sendmail.sendmail access to potentially
mislabeled file(s) (<Unknown>). This means that SELinux will not allow
/usr/sbin/sendmail.sendmail to use these files. It is common for users
to edit files in their home directory or tmp directories and then move
(mv) them to system directories. The problem is that the files end up
with the wrong file context which confined applications are not allowed
to access.

Allowing Access
If you want /usr/sbin/sendmail.sendmail to access this files, you need
to relabel them using restorecon -v <Unknown>. You might want to relabel
the entire directory using restorecon -R -v <Unknown>.

Additional Information

Source Context system_u:system_r:system_mail_t
Target Context unconfined_ubject_r:rpm_script_tmp_t
Target Objects None [ file ]
Affected RPM Packages sendmail-8.14.2-1.fc8 [application]
Policy RPM selinux-policy-3.0.8-81.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.home_tmp_bad_labels
Host Name davidtdesktop
Platform Linux davidtdesktop 2.6.23.14-107.fc8 #1
SMP Mon
Jan 14 21:37:30 EST 2008 i686 athlon
Alert Count 14
First Seen Sun 27 Jan 2008 22:31:52 EST
Last Seen Sun 03 Feb 2008 09:07:52 EST
Local ID 426efd22-09c0-4e57-9975-03c2ec8ad840
Line Numbers

Raw Audit Messages

avc: denied { read } for comm=sendmail dev=dm-0 egid=51 euid=51
exe=/usr/sbin/sendmail.sendmail exit=-13 fsgid=51 fsuid=51 gid=51 items=0
name=services pid=3416 scontext=system_u:system_r:system_mail_t:s0 sgid=51
subj=system_u:system_r:system_mail_t:s0 suid=51 tclass=file
tcontext=unconfined_ubject_r:rpm_script_tmp_t:s0 tty=(none) uid=51

=====
I'm not sure of the significance of <unknown> in the report.

But for eg:
# rpm -V sendmail
S.5....T c /var/log/mail/statistics

#rpm -ql sendmail|xargs ls -lZ
-rw-r--r-- root root system_ubject_r:etc_mail_t /etc/mail/access
-rw-r----- root root system_ubject_r:etc_mail_t /etc/mail/access.db
-rw-r--r-- root root system_ubject_r:etc_mail_t
/etc/mail/domaintable
-rw-r----- root root system_ubject_r:etc_mail_t
/etc/mail/domaintable.db
-r--r--r-- root root system_ubject_r:etc_mail_t /etc/mail/helpfile
-rw-r--r-- root root system_ubject_r:etc_mail_t
/etc/mail/local-host-names
-rw-r--r-- root root system_ubject_r:etc_mail_t
/etc/mail/mailertable
-rw-r----- root root system_ubject_r:etc_mail_t
/etc/mail/mailertable.db
-rw-r--r-- root root system_ubject_r:etc_mail_t /etc/mail/Makefile
-rw-r--r-- root root system_ubject_r:etc_mail_t
/etc/mail/sendmail.cf
-rw-r--r-- root root system_ubject_r:etc_mail_t
/etc/mail/sendmail.mc
-r--r--r-- root root system_ubject_r:etc_mail_t /etc/mail/submit.cf
-rw-r--r-- root root system_ubject_r:etc_mail_t /etc/mail/submit.mc
-rw-r--r-- root root system_ubject_r:etc_mail_t
/etc/mail/trusted-users
-rw-r--r-- root root system_ubject_r:etc_mail_t
/etc/mail/virtusertable
-rw-r----- root root system_ubject_r:etc_mail_t
/etc/mail/virtusertable.db
-rw-r--r-- root root system_ubject_r:etc_t
/etc/pam.d/smtp.sendmail
-rwxr-xr-x root root system_ubject_r:initrc_exec_t
/etc/rc.d/init.d/sendmail
-rw-r--r-- root root system_ubject_r:etc_t
/etc/sysconfig/sendmail
lrwxrwxrwx root root system_ubject_r:bin_t /usr/bin/hoststat
lrwxrwxrwx root root system_ubject_r:bin_t
/usr/bin/mailq.sendmail
lrwxrwxrwx root root system_ubject_r:bin_t /usr/bin/makemap
lrwxrwxrwx root root system_ubject_r:bin_t
/usr/bin/newaliases.sendmail
lrwxrwxrwx root root system_ubject_r:bin_t /usr/bin/purgestat
-rwxr-xr-x root root system_ubject_r:bin_t
/usr/bin/rmail.sendmail
-rw-r--r-- root root system_ubject_r:lib_t
/usr/lib/sasl2/Sendmail.conf
lrwxrwxrwx root root system_ubject_r:lib_t
/usr/lib/sendmail.sendmail
-rwxr-xr-x root root system_ubject_r:bin_t /usr/sbin/mailstats
-rwxr-xr-x root root system_ubject_r:bin_t /usr/sbin/makemap
-rwxr-xr-x root root system_ubject_r:bin_t /usr/sbin/praliases
-rwxr-sr-x root smmsp system_ubject_r:sendmail_exec_t
/usr/sbin/sendmail.sendmail
-rwxr-xr-x root root system_ubject_r:shell_exec_t /usr/sbin/smrsh
-rw-r--r-- root root system_ubject_r:usr_t
/usr/share/doc/sendmail-8.14.2/FAQ
-rw-r--r-- root root system_ubject_r:usr_t
/usr/share/doc/sendmail-8.14.2/KNOWNBUGS
-rw-r--r-- root root system_ubject_r:usr_t
/usr/share/doc/sendmail-8.14.2/LICENSE
-rw-r--r-- root root system_ubject_r:usr_t
/usr/share/doc/sendmail-8.14.2/README
-rw-r--r-- root root system_ubject_r:usr_t
/usr/share/doc/sendmail-8.14.2/RELEASE_NOTES
-rw-r--r-- root root system_ubject_r:man_t
/usr/share/man/man1/mailq.sendmail.1.gz
-rw-r--r-- root root system_ubject_r:man_t
/usr/share/man/man1/newaliases.sendmail.1.gz
-rw-r--r-- root root system_ubject_r:man_t
/usr/share/man/man5/aliases.sendmail.5.gz
-rw-r--r-- root root system_ubject_r:man_t
/usr/share/man/man8/mailstats.8.gz
-rw-r--r-- root root system_ubject_r:man_t
/usr/share/man/man8/makemap.8.gz
-rw-r--r-- root root system_ubject_r:man_t
/usr/share/man/man8/praliases.8.gz
-rw-r--r-- root root system_ubject_r:man_t
/usr/share/man/man8/rmail.8.gz
-rw-r--r-- root root system_ubject_r:man_t
/usr/share/man/man8/sendmail.sendmail.8.gz
-rw-r--r-- root root system_ubject_r:man_t
/usr/share/man/man8/smrsh.8.gz
-rw------- root root system_ubject_r:sendmail_log_t
/var/log/mail/statistics

/etc/mail:
-rw-r--r-- root root system_ubject_r:etc_mail_t access
-rw-r----- root root system_ubject_r:etc_mail_t access.db
-rw-r--r-- root root system_ubject_r:etc_mail_t domaintable
-rw-r----- root root system_ubject_r:etc_mail_t domaintable.db
-r--r--r-- root root system_ubject_r:etc_mail_t helpfile
-rw-r--r-- root root system_ubject_r:etc_mail_t local-host-names
-rw-r--r-- root root system_ubject_r:etc_mail_t mailertable
-rw-r----- root root system_ubject_r:etc_mail_t mailertable.db
-rw-r--r-- root root system_ubject_r:etc_mail_t Makefile
-rw-r--r-- root root system_ubject_r:etc_mail_t sendmail.cf
-rw-r--r-- root root system_ubject_r:etc_mail_t sendmail.mc
drwxr-xr-x root root system_ubject_r:etc_mail_t spamassassin
-r--r--r-- root root system_ubject_r:etc_mail_t submit.cf
-rw-r--r-- root root system_ubject_r:etc_mail_t submit.mc
-rw-r--r-- root root system_ubject_r:etc_mail_t trusted-users
-rw-r--r-- root root system_ubject_r:etc_mail_t virtusertable
-rw-r----- root root system_ubject_r:etc_mail_t virtusertable.db

/etc/smrsh:

/usr/share/doc/sendmail-8.14.2:
-rw-r--r-- root root system_ubject_r:usr_t FAQ
-rw-r--r-- root root system_ubject_r:usr_t KNOWNBUGS
-rw-r--r-- root root system_ubject_r:usr_t LICENSE
-rw-r--r-- root root system_ubject_r:usr_t README
-rw-r--r-- root root system_ubject_r:usr_t RELEASE_NOTES

/var/log/mail:
-rw------- root root system_ubject_r:sendmail_log_t statistics

/var/spool/clientmqueue:
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0TAL2Z4002179
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0TAL2Z5002179
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0TAL2Z6002179
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0TBuDQl003422
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0TBvh2R003889
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0TD017m005694
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0TKmEhp002179
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0TKmEhq002179
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0TKmEhr002179
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0U9cIeG006258
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0U9ZDWF004246
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0UA01ED006312
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0V8sBCp002180
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0V8sBCq002180
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0V8sBCr002180
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0VA02Ur004010
-rw-rw---- davidt smmsp system_ubject_r:mqueue_spool_t dfm0VAT2Kl005308
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0VATPCh005580
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0VAVCQU006128
-rw-rw---- davidt smmsp system_ubject_r:mqueue_spool_t dfm0VBe2tP006857
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0VD02fi007007
-rw-rw---- davidt smmsp system_ubject_r:mqueue_spool_t dfm0VEe13G007185
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0VEsBCp007222
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0VEsBCq007222
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0VEsBCr007222
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0VEsBCs007222
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0VFsBCp007322
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0VG01XF007335
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0VHsBCp008314
-rw-rw---- smmsp smmsp unconfined_ubject_r:mqueue_spool_t
dfm0VHW6HF007736
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0VHW8cm008025
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0VIsBCp008420
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0VJ01Xa008433
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm0VKsBCp008627
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm117jvOI002185
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm117jvOJ002185
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm117jvOK002185
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm11A01jB003317
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm11D03rF004596
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm11KVEe6002181
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm11KVEe7002181
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm11M01sH002693
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm11M6OET002942
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm11M7vs1003405
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm12102m9004637
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm122VEe6006707
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm122VEe7006707
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm122VEe8006707
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm12402pG008037
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm125VEe6009373
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm12701Q0010624
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm128VEe6011891
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm129VEe6012792
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm129VEe7012792
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm12A02F1013291
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm12AVEe6013796
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm12BVEe6017595
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm12D02Dr019018
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm12KV8PK002188
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm12KV8PL002188
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm12M01K2002693
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm12M6Jvg002942
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm12M7qnO003416
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm13101hF004402
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm132V8PK004643
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm132V8PL004643
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t dfm132V8PM004643
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0TAL2Z4002179
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0TAL2Z5002179
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0TAL2Z6002179
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0TBuDQl003422
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0TBvh2R003889
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0TD017m005694
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0TKmEhp002179
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0TKmEhq002179
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0TKmEhr002179
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0U9cIeG006258
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0U9ZDWF004246
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0UA01ED006312
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0V8sBCp002180
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0V8sBCq002180
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0V8sBCr002180
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0VA02Ur004010
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0VAT2Kl005308
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0VATPCh005580
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0VAVCQU006128
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0VBe2tP006857
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0VD02fi007007
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0VEe13G007185
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0VEsBCp007222
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0VEsBCq007222
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0VEsBCr007222
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0VEsBCs007222
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0VFsBCp007322
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0VG01XF007335
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0VHsBCp008314
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0VHW6HF007736
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0VHW8cm008025
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0VIsBCp008420
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0VJ01Xa008433
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm0VKsBCp008627
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm117jvOI002185
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm117jvOJ002185
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm117jvOK002185
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm11A01jB003317
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm11D03rF004596
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm11KVEe6002181
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm11KVEe7002181
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm11M01sH002693
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm11M6OET002942
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm11M7vs1003405
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm12102m9004637
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm122VEe6006707
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm122VEe7006707
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm122VEe8006707
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm12402pG008037
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm125VEe6009373
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm12701Q0010624
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm128VEe6011891
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm129VEe6012792
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm129VEe7012792
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm12A02F1013291
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm12AVEe6013796
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm12BVEe6017595
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm12D02Dr019018
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm12KV8PK002188
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm12KV8PL002188
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm12M01K2002693
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm12M6Jvg002942
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm12M7qnO003416
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm13101hF004402
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm132V8PK004643
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm132V8PL004643
-rw-rw---- smmsp smmsp system_ubject_r:mqueue_spool_t qfm132V8PM004643

/var/spool/mqueue:

The counts are so high because cron jobs trigger the warnings. Is this a
problem for others - or I have I messed something up. Note I'm not
trying to use sendmail - cron tasks are.

DaveT.

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 02-04-2008, 10:54 PM
Paul Howarth
 
Default sendmail avc's - on a system upgraded from f7 to f8 - in

On Tue, 05 Feb 2008 08:23:43 +1100
David Timms <dtimms@iinet.net.au> wrote:

> Daniel J Walsh wrote:
> > David Timms wrote:
> >> AFAICS, I haven't made any configs to sendmail, yet I've started
> >> to get lots of AVC warnings in setroubleshoot, of three particular
> >> types:
> >>
> >> 1:========
> >> Summary
> >> SELinux is preventing the /usr/sbin/sendmail.sendmail from using
> >> potentially mislabeled files (<Unknown>).
> >>
> >> Detailed Description
> >> SELinux has denied /usr/sbin/sendmail.sendmail access to
> >> potentially mislabeled file(s) (<Unknown>). This means that
> >> SELinux will not allow
>
> > A postinstall script has ruined the labeling on your /etc/services
> > file.
> >
> > # restorecon -v /etc/services
> > will fix
> # ls -lZ /etc/services
> -rw-r--r-- root root
> unconfined_ubject_r:rpm_script_tmp_t /etc/services Yes, you are
> correct.
>
> # restorecon -v /etc/services
> restorecon reset /etc/services context
> unconfined_ubject_r:rpm_script_tmp_t:s0->system_ubject_r:etc_t:s0
>
> I guess experience rather than reading the troubleshoot message led
> you to /etc/services ?
>
> > If you any idea which rpm did this. I would like to know.
> yum.logs--- I'l try to narrow it down, not sure how. I can't
> remember now exactly what I was doing around the date that it started
> occurring. ===

Might you have installed VMware? Mangling the context of /etc/services
to rpm_script_tmp_t is a long-standing bug in the VMware package
scripts.

Paul.

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 07:27 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org