On 08/20/2013 04:43 PM, m.roth@5-cent.us wrote:
SELinux is preventing /usr/bin/mailx from ioctl access on the unix_stream_socket unix_stream_socket.
***** Plugin catchall (100. confidence) suggests
If you believe that mailx should be allowed ioctl access on the unix_stream_socket unix_stream_socket by default.
<snip>
Additional Information:
Source Context                system_u:system_r:system_mail_t:s0
Target Context                system_u:system_r:init_t:s0
Target Objects                unix_stream_socket [ unix_stream_socket ]
Source                        mail
Source Path                   /usr/bin/mailx
Port                          <Unknown>
<snip>
Source RPM Packages           mailx-12.5-8.fc19.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.12.1-69.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
<snip>
Platform                      Linux <...> 3.10.4-300.fc19.x86_64 #1 SMP Tue Jul 30 11:29:05 UTC 2013 x86_64 x86_64
Alert Count                   53
First Seen                    2013-07-31 09:17:16 EDT
Last Seen                     2013-08-20 09:06:53 EDT
Local ID                      c515e3ea-2126-47ac-9d89-5295777101e7

Raw Audit Messages
type=AVC msg=audit(1377004013.420:62309): avc: denied { ioctl } for pid=31047 comm="mail" path="socket:[12915]" dev="sockfs" ino=12915 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket

type=SYSCALL msg=audit(1377004013.420:62309): arch=x86_64 syscall=ioctl success=no exit=ENOTTY a0=1 a1=5401 a2=7fff8006f380 a3=7fff8006f1d0 items=0 ppid=31031 pid=31047 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=mail exe=/usr/bin/mailx subj=system_u:system_r:system_mail_t:s0 key=(null)

Hash: mail,system_mail_t,init_t,unix_stream_socket,ioctl
mark "call me befuddled"
What processes are running as init_t?
# ps -eZ |grep init
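
Added example, not part of the thread: a Python parser that pairs the AVC and SYSCALL records from the quoted report by audit event ID and decodes what the denied call was. The function names are hypothetical, and the ioctl request names are taken from Linux's asm-generic/ioctls.h, not from the page.

```python
import re

# Both records are copied verbatim from the report quoted above.
AVC = ('type=AVC msg=audit(1377004013.420:62309): avc: denied { ioctl } for pid=31047 '
       'comm="mail" path="socket:[12915]" dev="sockfs" ino=12915 '
       'scontext=system_u:system_r:system_mail_t:s0 '
       'tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket')
SYSCALL = ('type=SYSCALL msg=audit(1377004013.420:62309): arch=x86_64 syscall=ioctl '
           'success=no exit=ENOTTY a0=1 a1=5401 a2=7fff8006f380 a3=7fff8006f1d0 items=0 '
           'ppid=31031 pid=31047 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 '
           'sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=mail exe=/usr/bin/mailx '
           'subj=system_u:system_r:system_mail_t:s0 key=(null)')

# Terminal ioctl request numbers (assumption: values from asm-generic/ioctls.h).
TTY_IOCTLS = {0x5401: "TCGETS", 0x5402: "TCSETS", 0x5413: "TIOCGWINSZ", 0x541B: "FIONREAD"}

def fields(record):
    """Return the key=value pairs of one audit record, with quotes stripped."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', record)}

def event_id(record):
    """Serial number inside msg=audit(<timestamp>:<serial>); shared by one event's records."""
    return re.search(r'msg=audit\(\d+\.\d+:(\d+)\)', record).group(1)

def summarize(avc, syscall):
    """Combine an AVC denial with the SYSCALL record of the same audit event."""
    if event_id(avc) != event_id(syscall):
        raise ValueError("records belong to different audit events")
    a, s = fields(avc), fields(syscall)
    request = int(s["a1"], 16)          # syscall arguments are logged in hex
    return {
        "source_type": a["scontext"].split(":")[2],   # user:role:type:level
        "target_type": a["tcontext"].split(":")[2],
        "tclass": a["tclass"],
        "perms": re.search(r'\{([^}]*)\}', avc).group(1).split(),
        "fd": int(s["a0"], 16),
        "request": TTY_IOCTLS.get(request, hex(request)),
        "exit": s["exit"],
        "exe": s["exe"],
    }

if __name__ == "__main__":
    for key, value in summarize(AVC, SYSCALL).items():
        print(f"{key:12} {value}")
```

The decoded event is a TCGETS request on file descriptor 1, the terminal probe that isatty() performs, issued against a socket labeled init_t; ENOTTY is the normal answer for a socket, and the call was allowed to run because the host is in permissive mode.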