Should we file a report on the issue below?
time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3116): avc: denied { create } for pid=5356 comm="procmail" name="_sTB.NZtXXB.douglas" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0 ---- time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3117): avc: denied { create } for pid=5356 comm="procmail" name="spamlog" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0 ---- time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3118): avc: denied { create } for pid=5356 comm="procmail" name="_sTB,NZtXXB.douglas" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0 ---- time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3119): avc: denied { create } for pid=5356 comm="procmail" name="spamlog" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
On 06/14/2016 04:44 AM, David Highley wrote:
Should we file a report on the issue below?
time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3116): avc: denied { create } for pid=5356 comm="procmail" name="_sTB.NZtXXB.douglas" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3117): avc: denied { create } for pid=5356 comm="procmail" name="spamlog" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3118): avc: denied { create } for pid=5356 comm="procmail" name="_sTB,NZtXXB.douglas" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3119): avc: denied { create } for pid=5356 comm="procmail" name="spamlog" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0 -- selinux mailing list selinux@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/selinux@lists.fedoraproject.org
Yes, please open a new bug and we can discuss it in the bug. We will need to have also AVCs from permissive mode and I am looking for a path to "spamlog"?
Thank you.
On 06/13/2016 09:44 PM, David Highley wrote:
Should we file a report on the issue below?
time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3116): avc: denied { create } for pid=5356 comm="procmail" name="_sTB.NZtXXB.douglas" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3117): avc: denied { create } for pid=5356 comm="procmail" name="spamlog" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3118): avc: denied { create } for pid=5356 comm="procmail" name="_sTB,NZtXXB.douglas" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3119): avc: denied { create } for pid=5356 comm="procmail" name="spamlog" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0 -- selinux mailing list selinux@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/selinux@lists.fedoraproject.org
Here's a 6-year-old thread discussing this same issue. Apparently it's still unresolved since I'm still using the local policy mentioned in the thread.
https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.or...
On 06/17/2016 02:34 AM, Robert Nichols wrote:
On 06/13/2016 09:44 PM, David Highley wrote:
Should we file a report on the issue below?
time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3116): avc: denied { create } for pid=5356 comm="procmail" name="_sTB.NZtXXB.douglas" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3117): avc: denied { create } for pid=5356 comm="procmail" name="spamlog" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3118): avc: denied { create } for pid=5356 comm="procmail" name="_sTB,NZtXXB.douglas" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3119): avc: denied { create } for pid=5356 comm="procmail" name="spamlog" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0 -- selinux mailing list selinux@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/selinux@lists.fedoraproject.org
Here's a 6-year-old thread discussing this same issue. Apparently it's still unresolved since I'm still using the local policy mentioned in the thread.
It is a valid point. Previously, we was not able to fix it in an easy way. Currently, we have filename transitions rules where we can define file type transitions for specific files or directories.
Thank you.
https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.or...
"Miroslav Grepl wrote:"
On 06/17/2016 02:34 AM, Robert Nichols wrote:
On 06/13/2016 09:44 PM, David Highley wrote:
Should we file a report on the issue below?
time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3116): avc: denied { create } for pid=5356 comm="procmail" name="_sTB.NZtXXB.douglas" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3117): avc: denied { create } for pid=5356 comm="procmail" name="spamlog" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3118): avc: denied { create } for pid=5356 comm="procmail" name="_sTB,NZtXXB.douglas" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3119): avc: denied { create } for pid=5356 comm="procmail" name="spamlog" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0 -- selinux mailing list selinux@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/selinux@lists.fedoraproject.org
Here's a 6-year-old thread discussing this same issue. Apparently it's still unresolved since I'm still using the local policy mentioned in the thread.
It is a valid point. Previously, we was not able to fix it in an easy way. Currently, we have filename transitions rules where we can define file type transitions for specific files or directories.
Thank you.
https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.or...
Problem report has been submitted. It took a little while to get an AVC in the Permissive mode and then bugzilla seem to be having issues. https://bugzilla.redhat.com/show_bug.cgi?id=1347901
-- Miroslav Grepl Senior Software Engineer, SELinux Solutions Red Hat, Inc. -- selinux mailing list selinux@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/selinux@lists.fedoraproject.org
selinux@lists.fedoraproject.org