Denial when calling /bin/mail from initscripts
Jason L Tibbitts III
tibbs at math.uh.edu
Mon Feb 4 16:09:27 UTC 2008
This is a bit odd; I have my machines send an email when they reboot,
and this worked previous to F8 but on F8 it seems that selinux is
preventing that from working properly. rc.local has something like:
HN=`hostname`
date | mail -s $HN obscured at address
When the mail is sent I get the following denial:
audit(1202140440.123:4): avc: denied { read } for pid=2752 comm="sendmail" path=2F746D702F527357566E686E52202864656C6574656429 dev=dm-3 ino=98307 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file
and a message is sent, but it's mostly empty (no body and no
subject). audit2allow just says
#============= sendmail_t ==============
allow sendmail_t initrc_tmp_t:file read;
but as is unfortunately almost always the case with selinux things, I
understand that would work but I don't understand if it exposes me to
anything or could cause problems later.
- J<