F12: Selinux 'sendmail' denials on /var/log/message logfile

Daniel B. Thurman dant at cdkkt.com
Fri Mar 5 18:16:27 UTC 2010 

Problems with sendmail:
======================================

Summary:

SELinux is preventing /usr/sbin/sendmail.sendmail "read" access on
/var/log/messages.

Detailed Description:

[sendmail has a permissive type (system_mail_t). This access was not 
denied.]

SELinux denied access requested by sendmail. It is not expected that 
this access
is required by sendmail and this access may signal an intrusion attempt. 
It is
also possible that the specific version or configuration of the 
application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                system_u:system_r:system_mail_t:s0-s0:c0.c1023
Target Context                system_u:object_r:var_log_t:s0
Target Objects                /var/log/messages [ file ]
Source                        sendmail
Source Path                   /usr/sbin/sendmail.sendmail
Port <Unknown>
Host                          host.domain.com
Source RPM Packages           sendmail-8.14.3-8.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-92.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     host.domain.com
Platform                      Linux host.domain.com 
2.6.31.12-174.2.22.fc12.i686
                               #1 SMP Fri Feb 19 19:26:06 UTC 2010 i686 i686
Alert Count                   12
First Seen                    Tue 02 Mar 2010 03:12:05 AM PST
Last Seen                     Fri 05 Mar 2010 03:13:28 AM PST
Local ID                      420ceb87-17a4-4e9b-ae71-356723aa6b9f
Line Numbers

Raw Audit Messages

node=host.domain.com type=AVC msg=audit(1267787608.324:42763): avc:  
denied  { read } for  pid=14919 comm="sendmail" path="/var/log/messages" 
dev=sdb8 ino=20167 
scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:var_log_t:s0 tclass=file

node=host.domain.com type=AVC msg=audit(1267787608.324:42763): avc:  
denied  { read } for  pid=14919 comm="sendmail" path="/var/log/secure" 
dev=sdb8 ino=20415 
scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:var_log_t:s0 tclass=file

node=host.domain.com type=AVC msg=audit(1267787608.324:42763): avc:  
denied  { read } for  pid=14919 comm="sendmail" path="/var/log/maillog" 
dev=sdb8 ino=21877 
scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:var_log_t:s0 tclass=file

node=host.domain.com type=SYSCALL msg=audit(1267787608.324:42763): 
arch=40000003 syscall=11 success=yes exit=0 a0=85088a0 a1=8508928 
a2=8507eb0 a3=8508928 items=0 ppid=14865 pid=14919 auid=0 uid=0 gid=0 
euid=0 suid=0 fsuid=0 egid=486 sgid=486 fsgid=486 tty=(none) ses=246 
comm="sendmail" exe="/usr/sbin/sendmail.sendmail" 
subj=system_u:system_r:system_mail_t:s0-s0:c0.c1023 key=(null)

More information about the selinux mailing list