12-14-2011, 09:34 PM
"Lester M. Petrie Jr."

procmail prevented from delivering mail

Hi

When I try to have procmail deliver my email, I get the following avc messages:

type=AVC msg=audit(1323699624.572:2022): avc: denied { write } for pid=18801 comm="procmail" name="local-mail" dev=sdd10 ino=7471567 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:data_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1323699624.572:2022): arch=c000003e syscall=2 success=no exit=-13 a0=cba680 a1=441 a2=1b7 a3=1 items=0 ppid=18799 pid=18801 auid=4294967295 uid=14060 gid=100 euid=14060 suid=14060 fsuid=14060 egid=100 sgid=100 fsgid=100 tty=(none) ses=4294967295 comm="procmail" exe="/usr/bin/procmail" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1323699624.572:2023): avc: denied { write } for pid=18801 comm="procmail" name="inbox" dev=sdd10 ino=12714135 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:data_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1323699624.572:2023): arch=c000003e syscall=2 success=no exit=-13 a0=cb7b50 a1=c1 a2=1b7 a3=65642d6e697373 items=0 ppid=18799 pid=18801 auid=4294967295 uid=14060 gid=100 euid=14060 suid=14060 fsuid=14060 egid=100 sgid=100 fsgid=100 tty=(none) ses=4294967295 comm="procmail" exe="/usr/bin/procmail" subj=system_u:system_r:procmail_t:s0 key=(null)

I am running Fedora 15 with a KDE 4.7.4 desktop, and am using kmail2. When I try to create and install a local
policy to allow this access, a .pp file is created, but installing fails with the following messages.

libsepol.print_missing_requirements: procmail's global requirements were not met: type/attribute procmail_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule: Failed!


The .pp file is

module procmail 1.0;

require {
type data_home_t;
type procmail_t;
class dir write;
class file append;
}

#============= procmail_t ==============
#!!!! The source type 'procmail_t' can write to a 'dir' of the following types:
# user_home_t, var_log_t, procmail_log_t, user_home_dir_t, tmp_t, mail_spool_t, nfs_t

allow procmail_t data_home_t:dir write;
allow procmail_t data_home_t:file append;

I can relabel the mail directory as user_home_t, and procmail works, but I haven't found how to make the
relabel survive a general machine relabel. Any help would be appreciated.

--
Lester M Petrie
865-574-5259
petrielmjr@ornl.gov

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
12-15-2011, 02:02 PM
Daniel J Walsh

procmail prevented from delivering mail

On 12/14/2011 05:34 PM, Lester M. Petrie Jr. wrote:
> Hi
>
> When I try to have procmail deliver my email, I get the following
> avc messages:
>
> type=AVC msg=audit(1323699624.572:2022): avc: denied { write }
> for pid=18801 comm="procmail" name="local-mail" dev=sdd10
> ino=7471567 scontext=system_u:system_r:procmail_t:s0
> tcontext=unconfined_u:object_r:data_home_t:s0 tclass=dir
> type=SYSCALL msg=audit(1323699624.572:2022): arch=c000003e
> syscall=2 success=no exit=-13 a0=cba680 a1=441 a2=1b7 a3=1 items=0
> ppid=18799 pid=18801 auid=4294967295 uid=14060 gid=100 euid=14060
> suid=14060 fsuid=14060 egid=100 sgid=100 fsgid=100 tty=(none)
> ses=4294967295 comm="procmail" exe="/usr/bin/procmail"
> subj=system_u:system_r:procmail_t:s0 key=(null) type=AVC
> msg=audit(1323699624.572:2023): avc: denied { write } for
> pid=18801 comm="procmail" name="inbox" dev=sdd10 ino=12714135
> scontext=system_u:system_r:procmail_t:s0
> tcontext=unconfined_u:object_r:data_home_t:s0 tclass=dir
> type=SYSCALL msg=audit(1323699624.572:2023): arch=c000003e
> syscall=2 success=no exit=-13 a0=cb7b50 a1=c1 a2=1b7
> a3=65642d6e697373 items=0 ppid=18799 pid=18801 auid=4294967295
> uid=14060 gid=100 euid=14060 suid=14060 fsuid=14060 egid=100
> sgid=100 fsgid=100 tty=(none) ses=4294967295 comm="procmail"
> exe="/usr/bin/procmail" subj=system_u:system_r:procmail_t:s0
> key=(null)
>
> I am running Fedora 15 with a KDE 4.7.4 desktop, and am using
> kmail2. When I try to create and install a local policy to allow
> this access, a .pp file is created, but installing fails with the
> following messages.
>
> libsepol.print_missing_requirements: procmail's global requirements
> were not met: type/attribute procmail_t (No such file or
> directory). libsemanage.semanage_link_sandbox: Link packages failed
> (No such file or directory). semodule: Failed!
>
>
> The .pp file is
>
> module procmail 1.0;
>
> require { type data_home_t; type procmail_t; class dir write; class
> file append; }
>
> #============= procmail_t ============== #!!!! The source type
> 'procmail_t' can write to a 'dir' of the following types: #
> user_home_t, var_log_t, procmail_log_t, user_home_dir_t, tmp_t,
> mail_spool_t, nfs_t
>
> allow procmail_t data_home_t:dir write; allow procmail_t
> data_home_t:file append;
>
> I can relabel the mail directory as user_home_t, and procmail
> works, but I haven't found how to make the relabel survive a
> general machine relabel. Any help would be appreciated.
>
Never make policy with the same name as an existing one. Change this to

module myprocmail 1.0;

and it will work.

I take it procmail needs to write to files under ~/.local/share

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
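
An added example, not part of either post: a small Python program that turns the AVC denials quoted in the thread into a local policy module the way audit2allow does, and refuses a module name that is already installed, which is the rule given in the reply. The function names and the `installed` argument are assumptions for illustration (on a real system that list would come from `semodule -l`); the sample records are the thread's two AVC lines.

```python
import re
from collections import defaultdict

# The two AVC records from the first post (SYSCALL records omitted).
SAMPLE_AVC = """\
type=AVC msg=audit(1323699624.572:2022): avc: denied { write } for pid=18801 comm="procmail" name="local-mail" dev=sdd10 ino=7471567 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:data_home_t:s0 tclass=dir
type=AVC msg=audit(1323699624.572:2023): avc: denied { write } for pid=18801 comm="procmail" name="inbox" dev=sdd10 ino=12714135 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:data_home_t:s0 tclass=dir
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\w+)")

def parse_denials(text):
    """Return {(source_type, target_type, class): {perms}} from AVC lines."""
    rules = defaultdict(set)
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL and other record types carry no type pair
        src = m["scon"].split(":")[2]  # a context is user:role:type:level
        tgt = m["tcon"].split(":")[2]
        rules[(src, tgt, m["tclass"])].update(m["perms"].split())
    return dict(rules)

def build_module(name, rules, installed=()):
    """Render .te source; reject a name that collides with an installed module."""
    if name in installed:
        raise ValueError(f"module name {name!r} collides with an installed module")
    types = sorted({s for s, _, _ in rules} | {t for _, t, _ in rules})
    classes = defaultdict(set)
    for (_, _, cls), perms in rules.items():
        classes[cls] |= perms
    out = [f"module {name} 1.0;", "", "require {"]
    out += [f"\ttype {t};" for t in types]
    out += [f"\tclass {c} {{ {' '.join(sorted(classes[c]))} }};" for c in sorted(classes)]
    out += ["}", ""]
    for key in sorted(rules):
        src, tgt, cls = key
        out.append(f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(rules[key]))} }};")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    # "procmail" stands in for the output of `semodule -l` (assumed list).
    print(build_module("myprocmail", parse_denials(SAMPLE_AVC), installed={"procmail"}))
```

Both denials collapse into a single allow rule because they share the same source type, target type and class; only the directory names differ.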