F12: Selinux 'sendmail' denials on /var/log/message logfile
Daniel B. Thurman
dant at cdkkt.com
Fri Mar 5 18:16:27 UTC 2010
Problems with sendmail:
======================================
Summary:

SELinux is preventing /usr/sbin/sendmail.sendmail "read" access on /var/log/messages.

Detailed Description:

[sendmail has a permissive type (system_mail_t). This access was not denied.]

SELinux denied access requested by sendmail. It is not expected that this access
is required by sendmail and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                system_u:system_r:system_mail_t:s0-s0:c0.c1023
Target Context                system_u:object_r:var_log_t:s0
Target Objects                /var/log/messages [ file ]
Source                        sendmail
Source Path                   /usr/sbin/sendmail.sendmail
Port                          <Unknown>
Host                          host.domain.com
Source RPM Packages           sendmail-8.14.3-8.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-92.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     host.domain.com
Platform                      Linux host.domain.com 2.6.31.12-174.2.22.fc12.i686 #1 SMP Fri Feb 19 19:26:06 UTC 2010 i686 i686
Alert Count                   12
First Seen                    Tue 02 Mar 2010 03:12:05 AM PST
Last Seen                     Fri 05 Mar 2010 03:13:28 AM PST
Local ID                      420ceb87-17a4-4e9b-ae71-356723aa6b9f
Line Numbers

Raw Audit Messages

node=host.domain.com type=AVC msg=audit(1267787608.324:42763): avc: denied { read } for pid=14919 comm="sendmail" path="/var/log/messages" dev=sdb8 ino=20167 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=file

node=host.domain.com type=AVC msg=audit(1267787608.324:42763): avc: denied { read } for pid=14919 comm="sendmail" path="/var/log/secure" dev=sdb8 ino=20415 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=file

node=host.domain.com type=AVC msg=audit(1267787608.324:42763): avc: denied { read } for pid=14919 comm="sendmail" path="/var/log/maillog" dev=sdb8 ino=21877 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=file

node=host.domain.com type=SYSCALL msg=audit(1267787608.324:42763): arch=40000003 syscall=11 success=yes exit=0 a0=85088a0 a1=8508928 a2=8507eb0 a3=8508928 items=0 ppid=14865 pid=14919 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=486 sgid=486 fsgid=486 tty=(none) ses=246 comm="sendmail" exe="/usr/sbin/sendmail.sendmail" subj=system_u:system_r:system_mail_t:s0-s0:c0.c1023 key=(null)