Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora SELinux Support (http://www.linux-archive.org/fedora-selinux-support/)
-   -   sendmail avc's - on a system upgraded from f7 to f8 - in (http://www.linux-archive.org/fedora-selinux-support/47238-sendmail-avcs-system-upgraded-f7-f8-unknown.html)

David Timms 02-04-2008 08:23 PM

sendmail avc's - on a system upgraded from f7 to f8 - in
 
Daniel J Walsh wrote:

David Timms wrote:

AFAICS, I haven't made any configs to sendmail, yet I've started to get
lots of AVC warnings in setroubleshoot, of three particular types:

1:========
Summary
SELinux is preventing the /usr/sbin/sendmail.sendmail from using
potentially mislabeled files (<Unknown>).

Detailed Description
SELinux has denied /usr/sbin/sendmail.sendmail access to potentially
mislabeled file(s) (<Unknown>). This means that SELinux will not allow



A postinstall script has ruined the labeling on your /etc/services file.

# restorecon -v /etc/services
will fix

# ls -lZ /etc/services
-rw-r--r-- root root unconfined_u:object_r:rpm_script_tmp_t /etc/services
Yes, you are correct.

# restorecon -v /etc/services
restorecon reset /etc/services context
unconfined_u:object_r:rpm_script_tmp_t:s0->system_u:object_r:etc_t:s0


I guess experience rather than reading the troubleshoot message led you
to /etc/services ?



If you any idea which rpm did this. I would like to know.
yum.logs--- I'l try to narrow it down, not sure how. I can't remember
now exactly what I was doing around the date that it started occurring.

===
Jan 27 18:17:06 Installed: apr-util - 1.2.10-2.fc8.i386
Jan 27 18:17:10 Installed: subversion - 1.4.4-7.i386
Jan 27 18:21:36 Installed: libxkbfile - 1.0.4-3.fc8.i386
Jan 27 18:21:37 Installed: xorg-x11-xkb-utils - 7.2-3.fc8.i386
Jan 27 18:23:39 Installed: wireshark - 0.99.7-2.fc8.i386
Jan 27 18:25:58 Installed: torcs-data - 1.3.0-2.noarch
Jan 27 18:26:58 Installed: libgnomeui-devel - 2.20.1.1-1.fc8.i386
Jan 27 18:30:28 Installed: libcaca - 0.99-0.3.beta11.fc8.i386
Jan 27 18:30:31 Installed: xine - 0.99.5-1.fc7.i386
Jan 27 18:33:26 Installed: gettext - 0.16.1-12.fc8.i386
Jan 27 18:33:27 Installed: redhat-lsb - 3.1-19.fc8.i386
Jan 27 18:34:23 Installed: bluez-libs - 3.20-1.fc8.i386
Jan 27 18:34:25 Installed: gnokii - 0.6.18-3.fc8.i386
Jan 27 18:37:01 Installed: ffmpeg - 0.4.9-0.8.20070530.fc7.i386
Jan 27 18:42:45 Installed: indent - 2.2.9-16.fc7.i386
Jan 27 18:48:09 Erased: perl-LDAP
Jan 27 18:50:05 Installed: fuse - 2.7.0-8.fc8.i386
Jan 27 18:51:32 Erased: audacity
Jan 27 18:52:00 Installed: compat-wxGTK26 - 2.6.4-0.8.i386
Jan 27 18:52:03 Installed: audacity - 1.3.2-17.fc8.i386
Jan 27 18:53:02 Erased: dvdrip
Jan 27 18:53:04 Erased: subtitleripper
Jan 27 18:53:06 Erased: transcode
Jan 27 18:53:43 Installed: ffmpeg-libpostproc - 0.4.9-0.8.20070530.fc7.i386
Jan 27 18:53:48 Installed: transcode - 1.0.3-1.fc7.i386
Jan 27 18:54:20 Erased: x264-devel
Jan 27 18:54:47 Installed: x264-devel - 0.0.0-0.3.20070529.fc7.i386
Jan 27 18:55:25 Erased: timmsy-servers
Jan 27 18:59:20 Erased: gkrellm
Jan 27 18:59:26 Erased: timmsy-apps
Jan 27 18:59:58 Installed: lm_sensors - 2.10.5-1.fc8.i386
Jan 27 19:00:00 Installed: gkrellm - 2.3.0-4.fc8.i386
Jan 27 19:02:23 Erased: faad2-devel
Jan 27 19:02:55 Installed: setroubleshoot-server - 1.10.7-1.fc8.noarch
Jan 27 19:03:31 Erased: ocsinventory-client
Jan 27 19:05:47 Installed: lincity-ng-data - 1.1.1-2.fc8.i386
Jan 27 19:10:25 Installed: libquicktime - 1.0.0-1.fc7.i386
Jan 27 19:11:45 Installed: tcl - 1:8.4.15-5.fc8.i386
Jan 27 19:11:49 Installed: ppracer - 0.3.1-13.fc8.i386
Jan 27 19:14:09 Erased: perl-AnyEvent
Jan 27 19:14:10 Erased: perl-Event-ExecFlow
Jan 27 19:14:11 Erased: perl-Coro
Jan 27 19:15:04 Erased: perl-Net-Jabber
Jan 27 19:15:06 Erased: perl-SOAP-Lite
Jan 27 20:02:54 Installed: thunderbird-debuginfo - 2.0.0.9-1.fc8.i386
Jan 27 21:30:09 Erased: thunderbird
Jan 27 21:35:35 Installed: thunderbird - 2.0.0.9-1.fc8.i386
Jan 27 22:31:47 Installed: tetex-fonts - 3.0-44.3.fc8.i386
----started here for one of the 3. Yum log was rolled over at this time
as well.

Jan 27 22:37:03 Installed: pulseaudio-libs - 0.9.8-5.fc8.i386
Jan 27 22:41:21 Installed: dialog - 1.1-2.20070704.fc8.i386
Jan 27 22:44:43 Installed: fedora-screensaver-theme - 1.0.0-1.fc8.noarch
Jan 27 22:46:53 Installed: SDL - 1.2.13-1.fc8.i386
Jan 27 23:06:07 Erased: libswscale0
Jan 27 23:09:38 Erased: kernel-devel
Jan 27 23:09:43 Erased: timmsy-development
Jan 28 00:04:30 Updated: pulseaudio-core-libs - 0.9.8-5.fc8.i386
Jan 28 00:04:33 Updated: glib-java - 0.2.6-10.fc8.i386
Jan 28 00:04:36 Updated: pulseaudio - 0.9.8-5.fc8.i386
Jan 28 00:04:38 Updated: cairo-java - 1.0.5-8.fc8.i386
Jan 28 00:04:40 Updated: libgtk-java - 2.8.7-5.fc8.i386
Jan 28 00:04:40 Updated: pulseaudio-module-x11 - 0.9.8-5.fc8.i386
Jan 28 00:04:41 Updated: pulseaudio-libs-zeroconf - 0.9.8-5.fc8.i386
Jan 28 00:04:42 Updated: glew - 1.4.0-5.fc8.i386
Jan 28 00:04:43 Updated: libbeagle - 0.2.18-4.fc8.i386
Jan 28 00:05:03 Updated: allegro - 4.2.2-7.fc8.i386
Jan 28 00:05:03 Updated: pulseaudio-libs-glib2 - 0.9.8-5.fc8.i386
Jan 28 00:05:05 Updated: libgconf-java - 2.12.4-9.fc8.i386
Jan 28 00:05:06 Updated: xterm - 231-1.fc8.i386
Jan 28 00:05:07 Updated: pulseaudio-esound-compat - 0.9.8-5.fc8.i386
Jan 28 00:05:50 Installed: kernel - 2.6.23.14-107.fc8.i686
Jan 28 00:05:51 Updated: hwdata - 0.215-1.fc8.noarch
Jan 28 00:05:52 Updated: pulseaudio-module-gconf - 0.9.8-5.fc8.i386
Jan 28 00:05:53 Updated: pulseaudio-utils - 0.9.8-5.fc8.i386
Jan 28 00:05:56 Updated: liberation-fonts - 1.0-1.fc8.noarch
Jan 28 00:06:08 Updated: docbook-style-xsl - 1.73.2-5.fc8.noarch
Jan 28 00:06:08 Updated: python-turbokid - 1.0.4-1.fc8.noarch
Jan 28 00:06:09 Updated: logrotate - 3.7.6-2.2.fc8.i386
Jan 28 00:06:17 Updated: kernel-headers - 2.6.23.14-107.fc8.i386
Jan 28 00:31:15 Installed: kernel-devel - 2.6.23.14-107.fc8.i686
Jan 28 10:13:10 Installed: memtest86+ - 1.70-4.fc8.i386
Jan 30 20:09:14 Updated: bash - 3.2-20.fc8.i386
Jan 30 20:09:18 Updated: libacl - 2.2.39-13.fc8.i386

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

David Timms 02-05-2008 11:35 AM

sendmail avc's - on a system upgraded from f7 to f8 - in
 
Paul Howarth wrote:

Might you have installed VMware?

Correct.


Mangling the context of /etc/services
to rpm_script_tmp_t is a long-standing bug in the VMware package
scripts.


# ls -lZ /etc/serv*
-rw-r--r-- root root system_u:object_r:etc_t /etc/services

# rpm -Uvh --replacepkgs VMware-server-1.0.4-56528.i386.rpm
Preparing... ########################################### [100%]
1:VMware-server ########################################### [100%]

# ls -lZ /etc/serv*
-rw-r--r-- root root unconfined_u:object_r:rpm_script_tmp_t /etc/services

Searching the vmware forums found the identical cause leading to slghtly
different selinux symptoms - logging not working, and a comment form
myself in there:

http://communities.vmware.com/message/856343#856343
referencing:
http://www.redhat.com/archives/fedora-list/2007-April/msg00780.html ,794

and another on using vmware-server with F8:
http://communities.vmware.com/message/856343#856343
which didn't stop me, but helped others.

Actually, I submitted a vmware "defect report" to this effect.

A secondary question: is there a way in which troubleshoot browser could
be improved to point the finger at the correct cause / solution ?
Or is the effort best spent in getting vmware to script the install more
carefully ?


DaveT.
"short memory, must have a, short memory" - midnight oil

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list


All times are GMT. The time now is 08:16 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.