procmail vs amanda selinux hits
Daniel J Walsh
dwalsh at redhat.com
Wed Jan 16 13:58:39 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gene Heskett wrote:
> Greetings;
>
> At about the time the backup program amanda is due to send me an email, I'm
> getting popups from selinux.
>
> Amanda is at times trying to send the user gene an email, some of which I do
> get, but:
>
>>From setroubleshoot:
> SUMMARY
> SELinux is preventing /usr/bin/procmail (procmail_t) "search" to (var_log_t).
>
> Detailed Description
> SELinux denied access requested by /usr/bin/procmail. It is not expected that
> this access is required by /usr/bin/procmail and this access may signal an
> intrusion attempt. It is also possible that the specific version or
> configuration of the application is causing it to require additional access.
>
> Allowing Access
> Sometimes labeling problems can cause SELinux denials. You could try to
> restore the default system file context for , restorecon -v If this does not
> work, there is currently no automatic way to allow this access. Instead, you
> can generate a local policy module to allow this access - see FAQ Or you can
> disable SELinux protection altogether. Disabling SELinux protection is not
> recommended. Please file a bug report against this package.
> =====================================
> Note the space before the comma above, is a name missing?
> Also I have not done the restorecon -v as I've used the advice from
> setroubleshooter to clear a goodly number of squawks.
> =====================================
> Additional Information
> Source Context: system_u:system_r:procmail_t:s0
> Target Context: system_u:object_r:var_log_t:s0
> Target Objects: None [ dir ]
> Affected RPM Packages: procmail-3.22-20.fc8 [application]
> Policy RPM: selinux-policy-3.0.8-74.fc8Selinux
> Enabled: True
> Policy Type: targeted
> MLS Enabled: True
> Enforcing Mode: Enforcing
> Plugin Name: plugins.catchall_file
> Host Name: coyote.coyote.den
> Platform: Linux coyote.coyote.den 2.6.24-rc7 #1 SMP Mon Jan 14 10:00:40 EST
> 2008 i686 athlon
> Alert Count: 26
> First Seen: Wed 09 Jan 2008 05:09:14 AM EST
> Last Seen: Wed 16 Jan 2008 05:09:15 AM EST
> Local ID: bfec6c3c-7d3b-47f7-9174-a2251b12534a
> Line Numbers:
> Raw Audit Messages :avc: denied { search } for comm=procmail dev=dm-0 egid=500
> euid=500 exe=/usr/bin/procmail exit=-13 fsgid=500 fsuid=500 gid=500 items=0
> name=log pid=15219 scontext=system_u:system_r:procmail_t:s0 sgid=0
> subj=system_u:system_r:procmail_t:s0 suid=500 tclass=dir
> tcontext=system_u:object_r:var_log_t:s0 tty=(none) uid=500
>
> Comments people?
>
Should be allowed.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkeODY8ACgkQrlYvE4MpobPHKACcDKr66XLSfDV30clJPv1z1tJK
6E0AoOA5tGI518Ftz1r3/nfQrqDWh0HR
=RCOf
-----END PGP SIGNATURE-----
More information about the selinux
mailing list