Hi all,
This morning I got several of the following messages:
Raw Audit Messages
avc: denied { search } for comm="procmail" dev=sdb6 egid=0 euid=0 exe="/usr/bin/procmail" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="root" pid=4585 scontext=system_u:system_r:procmail_t:s0 sgid=0 subj=system_u:system_r:procmail_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:default_t:s0 tty=(none) uid=0
It looks like procmail is trying to do *something*. I would just like to find out what it is that procmail is trying to do. So I could see whether it is legitimate. I do assume procmail knows what it is doing, but before I relabel the system (as indicated in the explanation) I would just like to know: shouldn't the SELinux be fitted to procmail in some way? Is there a way I can get this accomplished, i.e. can I report this to procmail as a bug?
Guus Bonnema -- happily running FC7 since this morning --
P.S. I include the complete message, maybe it helps.
============ Explanatory message ======================
Summary
SELinux is preventing access to files with the default label, default_t.

Detailed Description
SELinux permission checks on files labeled default_t are being denied. These files/directories have the default label on them. This can indicate a labeling problem, especially if the files being referred to are not top level directories. Any files/directories under standard system directories, /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. The default label is for files/directories which do not have a label on a parent directory. So if you create a new directory in / you might legitimately get this label.

Allowing Access
If you want a confined domain to use these files you will probably need to relabel the file/directory with chcon. In some cases it is just easier to relabel the system, to relabel execute: "touch /.autorelabel; reboot"

Additional Information
Source Context:        system_u:system_r:procmail_t
Target Context:        system_u:object_r:default_t
Target Objects:        root [ dir ]
Affected RPM Packages: procmail-3.22-19.fc7 [application]
                       filesystem-2.4.6-1.fc7 [target]
Policy RPM:            selinux-policy-2.6.4-8.fc7
Selinux Enabled:       True
Policy Type:           targeted
MLS Enabled:           True
Enforcing Mode:        Enforcing
Plugin Name:           plugins.default
Host Name:             athene.abonnema.xs4all.nl
Platform:              Linux athene.abonnema.xs4all.nl 2.6.21-1.3194.fc7 #1 SMP Wed May 23 22:47:07 EDT 2007 x86_64 x86_64
Alert Count:           2
First Seen:            Fri 01 Jun 2007 02:22:25 PM CEST
Last Seen:             Fri 01 Jun 2007 02:54:17 PM CEST
Local ID:              789f2a56-fe70-440b-83a6-d85bc17715ae
Line Numbers:
Raw Audit Messages
avc: denied { search } for comm="procmail" dev=sdb6 egid=0 euid=0 exe="/usr/bin/procmail" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="root" pid=4585 scontext=system_u:system_r:procmail_t:s0 sgid=0 subj=system_u:system_r:procmail_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:default_t:s0 tty=(none) uid=0
A.J. Bonnema wrote:
> Hi all,
> This morning I got several of the following messages:
> Raw Audit Messages
> avc: denied { search } for comm="procmail" dev=sdb6 egid=0 euid=0 exe="/usr/bin/procmail" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="root" pid=4585 scontext=system_u:system_r:procmail_t:s0 sgid=0 subj=system_u:system_r:procmail_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:default_t:s0 tty=(none) uid=0
restorecon -R -v /root
Should be fixed by the first update release.
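
Added example, not part of the original thread: a small Python parser that decodes the AVC record quoted above into who asked for what, which answers the "what is procmail trying to do" question directly from the audit line. The function names are made up for this illustration, and the sample record is the one from the post.

```python
import errno
import re

# Constructed sample: the AVC record quoted in the thread above.
AVC = ('avc: denied { search } for comm="procmail" dev=sdb6 egid=0 euid=0 '
       'exe="/usr/bin/procmail" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 '
       'name="root" pid=4585 scontext=system_u:system_r:procmail_t:s0 sgid=0 '
       'subj=system_u:system_r:procmail_t:s0 suid=0 tclass=dir '
       'tcontext=system_u:object_r:default_t:s0 tty=(none) uid=0')


def parse_avc(record):
    """Split an AVC record into verdict, permission list and key=value fields."""
    head = re.search(r'avc:\s+(denied|granted)\s+\{([^}]*)\}', record)
    if head is None:
        raise ValueError('not an AVC record')
    fields = {k: v.strip('"')
              for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', record)}
    fields['verdict'] = head.group(1)
    fields['perms'] = head.group(2).split()
    return fields


def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(':')
    if len(parts) < 3:
        raise ValueError('malformed context: ' + context)
    return parts[2]


def explain(record):
    """Summarise the access attempt and flag a target carrying default_t."""
    f = parse_avc(record)
    exit_code = int(f.get('exit', '0'))
    target = selinux_type(f['tcontext'])
    return {
        'source_domain': selinux_type(f['scontext']),  # confined process domain
        'target_type': target,                         # label on the object
        'object': f.get('name'),                       # last path component only
        'object_class': f['tclass'],
        'perms': f['perms'],
        'errno': errno.errorcode.get(-exit_code) if exit_code < 0 else None,
        'default_label': target == 'default_t',        # hints at a labeling problem
    }


if __name__ == '__main__':
    for key, value in explain(AVC).items():
        print(f'{key}: {value}')
```

For the record in this thread the result reads as: the procmail_t domain was denied `search` on a directory named `root` that carries the default_t label, and the syscall returned EACCES.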