On 08/20/2013 04:43 PM, m.roth(a)5-cent.us wrote:
SELinux is preventing /usr/bin/mailx from ioctl access on the unix_stream_socket unix_stream_socket.
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that mailx should be allowed ioctl access on the unix_stream_socket unix_stream_socket by default.
<snip>
Additional Information:
Source Context system_u:system_r:system_mail_t:s0
Target Context system_u:system_r:init_t:s0
Target Objects unix_stream_socket [ unix_stream_socket ]
Source mail
Source Path /usr/bin/mailx
Port <Unknown>
<snip>
Source RPM Packages mailx-12.5-8.fc19.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.12.1-69.fc19.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
<snip>
Platform Linux <...> 3.10.4-300.fc19.x86_64 #1 SMP Tue Jul 30 11:29:05 UTC 2013 x86_64 x86_64
Alert Count 53
First Seen 2013-07-31 09:17:16 EDT
Last Seen 2013-08-20 09:06:53 EDT
Local ID c515e3ea-2126-47ac-9d89-5295777101e7
Raw Audit Messages
type=AVC msg=audit(1377004013.420:62309): avc: denied { ioctl } for pid=31047 comm="mail" path="socket:[12915]" dev="sockfs" ino=12915 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1377004013.420:62309): arch=x86_64 syscall=ioctl success=no exit=ENOTTY a0=1 a1=5401 a2=7fff8006f380 a3=7fff8006f1d0 items=0 ppid=31031 pid=31047 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=mail exe=/usr/bin/mailx subj=system_u:system_r:system_mail_t:s0 key=(null)
Hash: mail,system_mail_t,init_t,unix_stream_socket,ioctl
mark "call me befuddled"

What processes are running as init_t?
# ps -eZ |grep init
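
Added example, not part of the original thread: a Python sketch that pairs the AVC and SYSCALL records from the report above by audit serial and decodes the ioctl arguments, to show what mailx was actually asking of the init_t socket. The two records are copied from the quoted message with wrapped lines rejoined; the function names and the small ioctl lookup table are this example's own.

```python
import re

# Records copied from the report above, each rejoined onto one line.
RAW = [
    'type=AVC msg=audit(1377004013.420:62309): avc: denied { ioctl } for pid=31047 comm="mail" path="socket:[12915]" dev="sockfs" ino=12915 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket',
    'type=SYSCALL msg=audit(1377004013.420:62309): arch=x86_64 syscall=ioctl success=no exit=ENOTTY a0=1 a1=5401 a2=7fff8006f380 a3=7fff8006f1d0 items=0 ppid=31031 pid=31047 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=mail exe=/usr/bin/mailx subj=system_u:system_r:system_mail_t:s0 key=(null)',
]

HEAD = re.compile(r'type=(\w+) msg=audit\(\d+\.\d+:(\d+)\):')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'\{ ([^}]*) \}')
# Linux terminal ioctl request numbers (asm-generic/ioctls.h), subset only.
TTY_IOCTLS = {0x5401: "TCGETS", 0x5402: "TCSETS", 0x5413: "TIOCGWINSZ"}

def parse(line):
    """Split one audit record into a dict; return None for non-audit lines."""
    m = HEAD.match(line)
    if not m:
        return None
    body = line[m.end():]
    rec = {"type": m.group(1), "serial": int(m.group(2))}
    rec.update((k, v.strip('"')) for k, v in KV.findall(body))
    perms = PERMS.search(body)
    if perms:
        rec["perms"] = perms.group(1).split()
    return rec

def summarize(lines):
    """Pair AVC and SYSCALL records sharing an audit serial; describe each denial."""
    events = {}
    for rec in filter(None, map(parse, lines)):
        events.setdefault(rec["serial"], {})[rec["type"]] = rec
    rows = []
    for serial, ev in sorted(events.items()):
        avc, sc = ev.get("AVC"), ev.get("SYSCALL", {})
        if avc is None:
            continue
        row = {"serial": serial, "perms": avc.get("perms", []),
               "source": avc["scontext"].split(":")[2],
               "target": avc["tcontext"].split(":")[2],
               "tclass": avc["tclass"], "exe": sc.get("exe")}
        if sc.get("syscall") == "ioctl":  # name as sealert prints it; raw logs use a number
            row["fd"] = int(sc["a0"], 16)  # a0..a3 are logged in hex
            request = int(sc["a1"], 16)
            row["request"] = TTY_IOCTLS.get(request, hex(request))
        rows.append(row)
    return rows

if __name__ == "__main__":
    for row in summarize(RAW):
        print(row)
```

For this report it yields a TCGETS request on fd 1, the terminal-attribute query that glibc's isatty() issues, made against a socket labeled init_t; that is consistent with the exit=ENOTTY in the SYSCALL record.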