So just where is procmail_t allowed to write/create/rename etc?

Dominick Grift domg472 at gmail.com
Fri Mar 5 18:25:12 UTC 2010


On 03/05/2010 07:20 PM, Daniel B. Thurman wrote:

> I get all sorts of procmail selinux issues (not to hijack this thread, but might
> be related?). Here is one of many:

This indicates to me that procmail may want to create objects in the
mqueue directory.

Can you reproduce this? It would be even better if you could do it in
permissive mode so that we can see what else it wants.

We know it wants to write to the mqueue dir; the question is: for what
purpose. Does it want to create something there, and why?

> =================================================
> 
> Summary:
> 
> SELinux is preventing /usr/bin/procmail "write" access on /var/spool/mqueue.
> 
> Detailed Description:
> 
> SELinux denied access requested by procmail. It is not expected that this access
> is required by procmail and this access may signal an intrusion attempt. It is
> also possible that the specific version or configuration of the application is
> causing it to require additional access.
> 
> Allowing Access:
> 
> You can generate a local policy module to allow this access - see FAQ
> (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
> report.
> 
> Additional Information:
> 
> Source Context                system_u:system_r:procmail_t:s0
> Target Context                system_u:object_r:mqueue_spool_t:s0
> Target Objects                /var/spool/mqueue [ dir ]
> Source                        procmail
> Source Path                   /usr/bin/procmail
> Port <Unknown>
> Host                          host.domain.com
> Source RPM Packages           procmail-3.22-25.fc12
> Target RPM Packages           sendmail-8.14.3-8.fc12
> Policy RPM                    selinux-policy-3.6.32-89.fc12
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     host.domain.com
> Platform                      Linux host.domain.com 2.6.31.12-174.2.22.fc12.i686
>                               #1 SMP Fri Feb 19 19:26:06 UTC 2010 i686 i686
> Alert Count                   9
> First Seen                    Tue 02 Mar 2010 03:12:16 AM PST
> Last Seen                     Tue 02 Mar 2010 05:13:03 AM PST
> Local ID                      5c68ab75-d7e0-4e2d-b380-857eb7e33c68
> Line Numbers
> 
> Raw Audit Messages
> 
> node=host.domain.com type=AVC msg=audit(1267535583.841:38780): avc: 
> denied  { write } for  pid=12554 comm="procmail" name="mqueue" dev=sdb8 
> ino=29627 scontext=system_u:system_r:procmail_t:s0 
> tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=dir
> 
> node=host.domain.com type=SYSCALL msg=audit(1267535583.841:38780): 
> arch=40000003 syscall=5 success=no exit=-13 a0=92f6d68 a1=8441 a2=1b7 
> a3=1b7 items=0 ppid=12553 pid=12554 auid=4294967295 uid=0 gid=12 euid=0 
> suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 
> comm="procmail" exe="/usr/bin/procmail" 
> subj=system_u:system_r:procmail_t:s0 key=(null)
> 
> 
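Dominick asks for the full picture in permissive mode: which objects procmail tries to create under mqueue, and why. As an added triage example that is not from the thread, the Python below correlates each AVC record with the SYSCALL record sharing its audit serial, groups the denied permissions per (source context, target context, class) and decodes the i386 open(2) flags from a1; the sample log is the thread's two records re-joined onto single lines, and the syscall table is an assumption covering a few i386 numbers only.

```python
import re
from collections import defaultdict
# Constructed sample: the two records quoted in the thread, re-joined onto
# single lines (one record per line) as /var/log/audit/audit.log stores them.
SAMPLE_LOG = """\
node=host.domain.com type=AVC msg=audit(1267535583.841:38780): avc: denied  { write } for  pid=12554 comm="procmail" name="mqueue" dev=sdb8 ino=29627 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=dir
node=host.domain.com type=SYSCALL msg=audit(1267535583.841:38780): arch=40000003 syscall=5 success=no exit=-13 a0=92f6d68 a1=8441 a2=1b7 a3=1b7 items=0 ppid=12553 pid=12554 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="procmail" exe="/usr/bin/procmail" subj=system_u:system_r:procmail_t:s0 key=(null)
"""
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\([^)]*\)|\S+)')
SERIAL_RE = re.compile(r'msg=audit\([\d.]+:(\d+)\)')
PERMS_RE = re.compile(r'\{ ([^}]*) \}')
# Assumption: only i386 (arch=40000003) numbers are tabled; 5 is open(2).
I386_SYSCALLS = {5: "open", 4: "write", 38: "rename", 39: "mkdir"}
# open(2) flag bits as in <asm-generic/fcntl.h>; a1 carries them in hex.
OPEN_FLAGS = {0o1: "O_WRONLY", 0o2: "O_RDWR", 0o100: "O_CREAT",
              0o2000: "O_APPEND", 0o100000: "O_LARGEFILE"}

def parse_record(line):
    """Split one audit record into key=value fields plus its serial number."""
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    rec["serial"] = SERIAL_RE.search(line).group(1)
    if rec.get("type") == "AVC":
        rec["perms"] = PERMS_RE.search(line).group(1).split()
    return rec

def decode_open_flags(hexval):
    return [n for bit, n in OPEN_FLAGS.items() if int(hexval, 16) & bit]

def summarize(log_text):
    """Group denied perms per (scontext, tcontext, tclass), joining AVC to SYSCALL by serial."""
    by_serial = defaultdict(dict)
    for line in log_text.splitlines():
        if "msg=audit(" in line:
            rec = parse_record(line)
            by_serial[rec["serial"]][rec["type"]] = rec
    out = {}
    for recs in by_serial.values():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL")
        if not avc:
            continue
        key = (avc["scontext"], avc["tcontext"], avc["tclass"])
        entry = out.setdefault(key, {"perms": set(), "syscalls": set(), "open_flags": set()})
        entry["perms"].update(avc["perms"])
        if sc and sc.get("arch") == "40000003":
            name = I386_SYSCALLS.get(int(sc["syscall"]), sc["syscall"])
            entry["syscalls"].add(name)
            if name == "open":  # O_CREAT on a path under mqueue is what triggers the dir "write" check
                entry["open_flags"].update(decode_open_flags(sc["a1"]))
    return out
```

Run the output of `ausearch -m AVC,SYSCALL` from a permissive-mode reproduction through `summarize()` to see every (source, target, class) triple procmail touches, not just the first denial setroubleshoot reported.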

