On 03/05/2010 07:41 PM, Daniel B. Thurman wrote:
Not sure what you mean by going into permissive mode.. you
mean: setenforce=0?
> We know it wants to write to the mqueue dir, question is: for
what
> purpose. Does it want to create something there and why?
>
Beats me! Not enough information to go on...
>> =================================================
>>
>> Summary:
>>
>> SELinux is preventing /usr/bin/procmail "write" access on
>> /var/spool/mqueue.
>>
>> Detailed Description:
>>
>> SELinux denied access requested by procmail. It is not expected that
>> this access
>> is required by procmail and this access may signal an intrusion attempt.
>> It is
>> also possible that the specific version or configuration of the
>> application is
>> causing it to require additional access.
>>
>> Allowing Access:
>>
>> You can generate a local policy module to allow this access - see FAQ
>> (
http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please
>> file a bug
>> report.
>>
>> Additional Information:
>>
>> Source Context system_u:system_r:procmail_t:s0
>> Target Context system_u:object_r:mqueue_spool_t:s0
>> Target Objects /var/spool/mqueue [ dir ]
>> Source procmail
>> Source Path /usr/bin/procmail
>> Port<Unknown>
>> Host
host.domain.com
>> Source RPM Packages procmail-3.22-25.fc12
>> Target RPM Packages sendmail-8.14.3-8.fc12
>> Policy RPM selinux-policy-3.6.32-89.fc12
>> Selinux Enabled True
>> Policy Type targeted
>> Enforcing Mode Enforcing
>> Plugin Name catchall
>> Host Name
host.domain.com
>> Platform Linux
host.domain.com
>> 2.6.31.12-174.2.22.fc12.i686
>> #1 SMP Fri Feb 19 19:26:06 UTC 2010
>> i686 i686
>> Alert Count 9
>> First Seen Tue 02 Mar 2010 03:12:16 AM PST
>> Last Seen Tue 02 Mar 2010 05:13:03 AM PST
>> Local ID 5c68ab75-d7e0-4e2d-b380-857eb7e33c68
>> Line Numbers
>>
>> Raw Audit Messages
>>
>>
node=host.domain.com type=AVC msg=audit(1267535583.841:38780): avc:
>> denied { write } for pid=12554 comm="procmail"
name="mqueue" dev=sdb8
>> ino=29627 scontext=system_u:system_r:procmail_t:s0
>> tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=dir
>>
>>
node=host.domain.com type=SYSCALL msg=audit(1267535583.841:38780):
>> arch=40000003 syscall=5 success=no exit=-13 a0=92f6d68 a1=8441 a2=1b7
>> a3=1b7 items=0 ppid=12553 pid=12554 auid=4294967295 uid=0 gid=12 euid=0
>> suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
>> comm="procmail" exe="/usr/bin/procmail"
>> subj=system_u:system_r:procmail_t:s0 key=(null)
>>