9:44 p.m.
Should we file a report on the issue below?
time->Mon Jun 13 08:50:37 2016
type=AVC msg=audit(1465833037.215:3116): avc: denied { create } for
pid=5356 comm="procmail" name="_sTB.NZtXXB.douglas"
scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
----
time->Mon Jun 13 08:50:37 2016
type=AVC msg=audit(1465833037.215:3117): avc: denied { create } for
pid=5356 comm="procmail" name="spamlog"
scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
----
time->Mon Jun 13 08:50:37 2016
type=AVC msg=audit(1465833037.215:3118): avc: denied { create } for
pid=5356 comm="procmail" name="_sTB,NZtXXB.douglas"
scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
----
time->Mon Jun 13 08:50:37 2016
type=AVC msg=audit(1465833037.215:3119): avc: denied { create } for
pid=5356 comm="procmail" name="spamlog"
scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
3:03 a.m.
On 06/14/2016 04:44 AM, David Highley wrote:
Should we file a report on the issue below?
time->Mon Jun 13 08:50:37 2016
type=AVC msg=audit(1465833037.215:3116): avc: denied { create } for
pid=5356 comm="procmail" name="_sTB.NZtXXB.douglas"
scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
----
time->Mon Jun 13 08:50:37 2016
type=AVC msg=audit(1465833037.215:3117): avc: denied { create } for
pid=5356 comm="procmail" name="spamlog"
scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
----
time->Mon Jun 13 08:50:37 2016
type=AVC msg=audit(1465833037.215:3118): avc: denied { create } for
pid=5356 comm="procmail" name="_sTB,NZtXXB.douglas"
scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
----
time->Mon Jun 13 08:50:37 2016
type=AVC msg=audit(1465833037.215:3119): avc: denied { create } for
pid=5356 comm="procmail" name="spamlog"
scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/selinux@lists.fedoraproject.org
Yes, please open a new bug and we can discuss it in the bug. We will
need to have also AVCs from permissive mode and I am looking for a path
to "spamlog"?
Thank you.
--
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.
7:34 p.m.
On 06/13/2016 09:44 PM, David Highley wrote:
Should we file a report on the issue below?
time->Mon Jun 13 08:50:37 2016
type=AVC msg=audit(1465833037.215:3116): avc: denied { create } for
pid=5356 comm="procmail" name="_sTB.NZtXXB.douglas"
scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
----
time->Mon Jun 13 08:50:37 2016
type=AVC msg=audit(1465833037.215:3117): avc: denied { create } for
pid=5356 comm="procmail" name="spamlog"
scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
----
time->Mon Jun 13 08:50:37 2016
type=AVC msg=audit(1465833037.215:3118): avc: denied { create } for
pid=5356 comm="procmail" name="_sTB,NZtXXB.douglas"
scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
----
time->Mon Jun 13 08:50:37 2016
type=AVC msg=audit(1465833037.215:3119): avc: denied { create } for
pid=5356 comm="procmail" name="spamlog"
scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/selinux@lists.fedoraproject.org
Here's a 6-year-old thread discussing this same issue. Apparently it's
still unresolved since I'm still using the local policy mentioned in the
thread.
https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject...
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
2:56 a.m.
On 06/17/2016 02:34 AM, Robert Nichols wrote:
On 06/13/2016 09:44 PM, David Highley wrote:
> Should we file a report on the issue below?
>
> time->Mon Jun 13 08:50:37 2016
> type=AVC msg=audit(1465833037.215:3116): avc: denied { create } for
> pid=5356 comm="procmail" name="_sTB.NZtXXB.douglas"
> scontext=system_u:system_r:procmail_t:s0
> tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
> ----
> time->Mon Jun 13 08:50:37 2016
> type=AVC msg=audit(1465833037.215:3117): avc: denied { create } for
> pid=5356 comm="procmail" name="spamlog"
> scontext=system_u:system_r:procmail_t:s0
> tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
> ----
> time->Mon Jun 13 08:50:37 2016
> type=AVC msg=audit(1465833037.215:3118): avc: denied { create } for
> pid=5356 comm="procmail" name="_sTB,NZtXXB.douglas"
> scontext=system_u:system_r:procmail_t:s0
> tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
> ----
> time->Mon Jun 13 08:50:37 2016
> type=AVC msg=audit(1465833037.215:3119): avc: denied { create } for
> pid=5356 comm="procmail" name="spamlog"
> scontext=system_u:system_r:procmail_t:s0
> tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
> --
> selinux mailing list
> selinux(a)lists.fedoraproject.org
> https://lists.fedoraproject.org/admin/lists/selinux@lists.fedoraproject.org
>
Here's a 6-year-old thread discussing this same issue. Apparently it's
still unresolved since I'm still using the local policy mentioned in the
thread.
It is a valid point. Previously, we was not able to fix it in an easy
way. Currently, we have filename transitions rules where we can define
file type transitions for specific files or directories.
Thank you.
--
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.
9:45 p.m.
"Miroslav Grepl wrote:"
On 06/17/2016 02:34 AM, Robert Nichols wrote:
> On 06/13/2016 09:44 PM, David Highley wrote:
>> Should we file a report on the issue below?
>>
>> time->Mon Jun 13 08:50:37 2016
>> type=AVC msg=audit(1465833037.215:3116): avc: denied { create } for
>> pid=5356 comm="procmail" name="_sTB.NZtXXB.douglas"
>> scontext=system_u:system_r:procmail_t:s0
>> tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
>> ----
>> time->Mon Jun 13 08:50:37 2016
>> type=AVC msg=audit(1465833037.215:3117): avc: denied { create } for
>> pid=5356 comm="procmail" name="spamlog"
>> scontext=system_u:system_r:procmail_t:s0
>> tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
>> ----
>> time->Mon Jun 13 08:50:37 2016
>> type=AVC msg=audit(1465833037.215:3118): avc: denied { create } for
>> pid=5356 comm="procmail" name="_sTB,NZtXXB.douglas"
>> scontext=system_u:system_r:procmail_t:s0
>> tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
>> ----
>> time->Mon Jun 13 08:50:37 2016
>> type=AVC msg=audit(1465833037.215:3119): avc: denied { create } for
>> pid=5356 comm="procmail" name="spamlog"
>> scontext=system_u:system_r:procmail_t:s0
>> tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
>> --
>> selinux mailing list
>> selinux(a)lists.fedoraproject.org
>> https://lists.fedoraproject.org/admin/lists/selinux@lists.fedoraproject.org
>>
>
> Here's a 6-year-old thread discussing this same issue. Apparently it's
> still unresolved since I'm still using the local policy mentioned in the
> thread.
It is a valid point. Previously, we was not able to fix it in an easy
way. Currently, we have filename transitions rules where we can define
file type transitions for specific files or directories.
Thank you.
>
>
https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject...
>
>
Problem report has been submitted. It took a little while to get an AVC
in the Permissive mode and then bugzilla seem to be having issues.
https://bugzilla.redhat.com/show_bug.cgi?id=1347901
>
>
> --
> Miroslav Grepl
> Senior Software Engineer, SELinux Solutions
> Red Hat, Inc.
> --
> selinux mailing list
> selinux(a)lists.fedoraproject.org
> https://lists.fedoraproject.org/admin/lists/selinux@lists.fedoraproject.org
>
2862
days inactive
2866
days old
selinux@lists.fedoraproject.org
4 comments
3 participants
participants (3)
-
David Highley -
Miroslav Grepl -
Robert Nichols