Re: So just where is procmail_t allowed to write/create/rename etc?

Friday, 5 March 2010

On 03/05/2010 07:41 PM, Daniel B. Thurman wrote:

...
 Not sure what you mean by going into permissive mode.. you
 mean: setenforce=0? 
setenforce 0

< reproduce issue >

paste avc denials here.

setenforce 1

...
> We know it wants to write to the mqueue dir, question is: for
what
> purpose. Does it want to create something there and why?
>    
 Beats me!  Not enough information to go on...
>> =================================================
>>
>> Summary:
>>
>> SELinux is preventing /usr/bin/procmail "write" access on
>> /var/spool/mqueue.
>>
>> Detailed Description:
>>
>> SELinux denied access requested by procmail. It is not expected that
>> this access
>> is required by procmail and this access may signal an intrusion attempt.
>> It is
>> also possible that the specific version or configuration of the
>> application is
>> causing it to require additional access.
>>
>> Allowing Access:
>>
>> You can generate a local policy module to allow this access - see FAQ
>> (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please
>> file a bug
>> report.
>>
>> Additional Information:
>>
>> Source Context                system_u:system_r:procmail_t:s0
>> Target Context                system_u:object_r:mqueue_spool_t:s0
>> Target Objects                /var/spool/mqueue [ dir ]
>> Source                        procmail
>> Source Path                   /usr/bin/procmail
>> Port<Unknown>
>> Host                          host.domain.com
>> Source RPM Packages           procmail-3.22-25.fc12
>> Target RPM Packages           sendmail-8.14.3-8.fc12
>> Policy RPM                    selinux-policy-3.6.32-89.fc12
>> Selinux Enabled               True
>> Policy Type                   targeted
>> Enforcing Mode                Enforcing
>> Plugin Name                   catchall
>> Host Name                     host.domain.com
>> Platform                      Linux host.domain.com
>> 2.6.31.12-174.2.22.fc12.i686
>>                                 #1 SMP Fri Feb 19 19:26:06 UTC 2010
>> i686 i686
>> Alert Count                   9
>> First Seen                    Tue 02 Mar 2010 03:12:16 AM PST
>> Last Seen                     Tue 02 Mar 2010 05:13:03 AM PST
>> Local ID                      5c68ab75-d7e0-4e2d-b380-857eb7e33c68
>> Line Numbers
>>
>> Raw Audit Messages
>>
>> node=host.domain.com type=AVC msg=audit(1267535583.841:38780): avc:
>> denied  { write } for  pid=12554 comm="procmail"
name="mqueue" dev=sdb8
>> ino=29627 scontext=system_u:system_r:procmail_t:s0
>> tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=dir
>>
>> node=host.domain.com type=SYSCALL msg=audit(1267535583.841:38780):
>> arch=40000003 syscall=5 success=no exit=-13 a0=92f6d68 a1=8441 a2=1b7
>> a3=1b7 items=0 ppid=12553 pid=12554 auid=4294967295 uid=0 gid=12 euid=0
>> suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
>> comm="procmail" exe="/usr/bin/procmail"
>> subj=system_u:system_r:procmail_t:s0 key=(null)
>>      

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004