SE Linux errors

Bruno Wolff III bruno at wolff.to
Sun Sep 16 12:59:33 UTC 2007


On Sat, Sep 15, 2007 at 10:39:29 -0700,
  Don Russell <fedora at drussell.dnsalias.com> wrote:
> 
> I have used the suggested commands to "relabel" things... but the error 
> messages persist. :-(

It isn't always a good idea to follow those instructions blindly.

> SELinux has denied /usr/bin/fetchmail access to potentially mislabeled 
> file(s) (/home/don/.fetchmailrc). This means that SELinux will not allow 
> /usr/bin/fetchmail to use these files. It is common for users to edit 
> files in their home directory or tmp directories and then move (mv) them 
> to system directories. The problem is that the files end up with the 
> wrong file context which confined applications are not allowed to access.

Note that the files are still in your home directory. That suggests that
the advice you are about to get is based on the assumption that
you mv'd them someplace you shouldn't and that may not apply in this case.

> Allowing Access
> If you want /usr/bin/fetchmail to access this files, you need to relabel 
> them using restorecon -v /home/don/.fetchmailrc. You might want to 
> relabel the entire directory using restorecon -R -v /home/don.
> Additional Information
> 
> Source Context:   	system_u:system_r:fetchmail_t
> Target Context:   	user_u:object_r:user_home_t
> Target Objects:   	/home/don/.fetchmailrc [ file ]

Is fetchmail supposed to be able to read config files in your home
directory? If it is, it may be a bug in the policy. If that seems likely to
you, then you may want to use audit2allow to allow this for now and file
a bug report against fetchmail and add danwalsh as a cc.
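
The check implied by the reply above, as an added example that is not part of the original message: if the file's current type already equals the policy default for its path, `restorecon` changes nothing and the denial is a policy question. The `matchpathcon` output line is a constructed sample and the function names are hypothetical.

```python
import re

# Constructed sample: the "Additional Information" fields quoted in the message.
REPORT = """\
Source Context:   \tsystem_u:system_r:fetchmail_t
Target Context:   \tuser_u:object_r:user_home_t
Target Objects:   \t/home/don/.fetchmailrc [ file ]
"""

# Constructed sample of `matchpathcon /home/don/.fetchmailrc` output
# ("path<TAB>default context"); the value is an assumption, not from the thread.
MATCHPATHCON = "/home/don/.fetchmailrc\tsystem_u:object_r:user_home_t"


def parse_report(text):
    """Return the 'Key: value' fields of a setroubleshoot report as a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?):\s+(.*\S)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def selinux_type(context):
    """Return the type, i.e. the third field of user:role:type[:level]."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("not an SELinux context: %r" % context)
    return parts[2]


def relabel_would_help(report_text, matchpathcon_line):
    """True only if the target's type differs from the policy default."""
    fields = parse_report(report_text)
    target_path = fields["Target Objects"].split(" [")[0]
    path, default_ctx = matchpathcon_line.split(None, 1)
    if path != target_path:
        raise ValueError("matchpathcon output is for a different path")
    # Without -F, restorecon resets only the type field, so compare types.
    return selinux_type(fields["Target Context"]) != selinux_type(default_ctx)


if __name__ == "__main__":
    print("relabel would help:", relabel_would_help(REPORT, MATCHPATHCON))
```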



