On 08/10/2009 11:18 AM, Daniel B. Thurman wrote:
> I got this AVC complaint fairly recently so please
> let me know how to fix this one thanks!
>
> File: /var/log/messages
> =================================================
> setroubleshoot: SELinux is preventing sendmail (system_mail_t) "read" to
> /var/log/messages (var_log_t). For complete SELinux messages. run
> sealert -l 5672ff6c-ad2c-4d3b-aa2b-4c53178ed5f2
>
>
> $ sealert -l 5672ff6c-ad2c-4d3b-aa2b-4c53178ed5f2
> =================================================
> Summary:
>
> SELinux is preventing sendmail (system_mail_t) "read" to /var/log/messages
> (var_log_t).
>
> Detailed Description:
>
> SELinux denied access requested by sendmail. It is not expected that this access
> is required by sendmail and this access may signal an intrusion attempt. It is
> also possible that the specific version or configuration of the application is
> causing it to require additional access.
>
> Allowing Access:
>
> Sometimes labeling problems can cause SELinux denials. You could try to restore
> the default system file context for /var/log/messages,
>
> restorecon -v '/var/log/messages'
>
> If this does not work, there is currently no automatic way to allow this access.
> Instead, you can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not recommended.
> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context                system_u:system_r:system_mail_t:s0-s0:c0.c1023
> Target Context                system_u:object_r:var_log_t:s0
> Target Objects                /var/log/messages [ file ]
> Source                        sendmail
> Source Path                   /usr/sbin/sendmail.sendmail
> Port                          <Unknown>
> Host                          mysystem.mydomain.com
> Source RPM Packages           sendmail-8.14.2-4.fc9
> Target RPM Packages
> Policy RPM                    selinux-policy-3.3.1-135.fc9
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   catchall_file
> Host Name                     mysystem.mydomain.com
> Platform                      Linux mysystem.mydomain.com
>                               2.6.27.25-78.2.56.fc9.i686 #1
>                               SMP Thu Jun 18 12:47:50 EDT 2009 i686 i686
> Alert Count                   1
> First Seen                    Mon Aug 10 04:47:23 2009
> Last Seen                     Mon Aug 10 04:47:23 2009
> Local ID                      5672ff6c-ad2c-4d3b-aa2b-4c53178ed5f2
> Line Numbers
>
> Raw Audit Messages
>
> node=mysystem.mydomain.com type=AVC msg=audit(1249904843.352:37350):
> avc: denied { read } for pid=16757 comm="sendmail"
> path="/var/log/messages" dev=sda6 ino=86361
> scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:var_log_t:s0 tclass=file
>
> node=mysystem.mydomain.com type=AVC msg=audit(1249904843.352:37350):
> avc: denied { read } for pid=16757 comm="sendmail"
> path="/var/log/secure" dev=sda6 ino=86369
> scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:var_log_t:s0 tclass=file
>
> node=mysystem.mydomain.com type=AVC msg=audit(1249904843.352:37350):
> avc: denied { read } for pid=16757 comm="sendmail"
> path="/var/log/maillog" dev=sda6 ino=4956165
> scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:var_log_t:s0 tclass=file
>
> node=mysystem.mydomain.com type=SYSCALL msg=audit(1249904843.352:37350):
> arch=40000003 syscall=11 success=yes exit=0 a0=8f4e3d0 a1=8f4e458
> a2=8f4da48 a3=0 items=0 ppid=16704 pid=16757 auid=0 uid=0 gid=0 euid=0
> suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=(none) ses=6305
> comm="sendmail" exe="/usr/sbin/sendmail.sendmail"
> subj=system_u:system_r:system_mail_t:s0-s0:c0.c1023 key=(null)
>
Well, number one, Fedora 9 is no longer supported. Please upgrade to F10 or preferably F11.
If you do not want to do this, you can add custom policy:
# grep sendmail /var/log/audit/audit.log | audit2allow -M mysendmail
# semodule -i mysendmail.pp