FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 02-05-2008, 12:34 PM
Daniel J Walsh
 
Default sendmail avc's - on a system upgraded from f7 to f8 - in

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Timms wrote:
> Daniel J Walsh wrote:
>> David Timms wrote:
>>> AFAICS, I haven't made any configs to sendmail, yet I've started to get
>>> lots of AVC warnings in setroubleshoot, of three particular types:
>>>
>>> 1:========
>>> Summary
>>> SELinux is preventing the /usr/sbin/sendmail.sendmail from using
>>> potentially mislabeled files (<Unknown>).
>>>
>>> Detailed Description
>>> SELinux has denied /usr/sbin/sendmail.sendmail access to potentially
>>> mislabeled file(s) (<Unknown>). This means that SELinux will not allow
>
>> A postinstall script has ruined the labeling on your /etc/services file.
>>
>> # restorecon -v /etc/services
>> will fix
> # ls -lZ /etc/services
> -rw-r--r-- root root unconfined_ubject_r:rpm_script_tmp_t /etc/services
> Yes, you are correct.
>
> # restorecon -v /etc/services
> restorecon reset /etc/services context
> unconfined_ubject_r:rpm_script_tmp_t:s0->system_ubject_r:etc_t:s0
>
> I guess experience rather than reading the troubleshoot message led you
> to /etc/services ?
>
>>
Yes, although this is actually a bug in audit/setroubleshoot that is
causing the target mislabeled file to be <Unknown> If the frame work
had actually specified /etc/services, one of the plugins does a
matchpatcon on the file and sees that the file context differs from the
default and sets it correctly. Please report this as a bug on
setroubleshoot and include the audit messages so we can see why
setroubleshoot failed.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkeoZfQACgkQrlYvE4MpobMgHQCbBbgrBQjhwI 3dXojEdKYrTTQP
GlsAoN4cCSvxzyguO77FVmdQzR2NbHPf
=knPX
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 02-05-2008, 12:35 PM
Daniel J Walsh
 
Default sendmail avc's - on a system upgraded from f7 to f8 - in

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Timms wrote:
> Paul Howarth wrote:
>> Might you have installed VMware?
> Correct.
>
>> Mangling the context of /etc/services
>> to rpm_script_tmp_t is a long-standing bug in the VMware package
>> scripts.
>
> # ls -lZ /etc/serv*
> -rw-r--r-- root root system_ubject_r:etc_t /etc/services
>
> # rpm -Uvh --replacepkgs VMware-server-1.0.4-56528.i386.rpm
> Preparing... ########################################### [100%]
> 1:VMware-server ########################################### [100%]
>
> # ls -lZ /etc/serv*
> -rw-r--r-- root root unconfined_ubject_r:rpm_script_tmp_t /etc/services
>
> Searching the vmware forums found the identical cause leading to slghtly
> different selinux symptoms - logging not working, and a comment form
> myself in there:
> http://communities.vmware.com/message/856343#856343
> referencing:
> http://www.redhat.com/archives/fedora-list/2007-April/msg00780.html ,794
>
> and another on using vmware-server with F8:
> http://communities.vmware.com/message/856343#856343
> which didn't stop me, but helped others.
>
> Actually, I submitted a vmware "defect report" to this effect.
>
> A secondary question: is there a way in which troubleshoot browser could
> be improved to point the finger at the correct cause / solution ?
> Or is the effort best spent in getting vmware to script the install more
> carefully ?
>
> DaveT.
> "short memory, must have a, short memory" - midnight oil
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
You can also use restorecond to watch this file in the future.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkeoZi8ACgkQrlYvE4MpobNlXACfdVrriTAJn8 M75khsnvGSwf4R
gd8An3+lsgyuJFqks3UHsf0pndc2dkZ7
=eTba
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 04:39 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org