On two SL7.3 systems where I have set exim as my mta alternative, I am getting a lot of entries in /var/log/messages saying "SELinux is preventing /usr/bin/exim from search access on the directory net", with the usual accompanying "if you believe that exim should be allowed..." stuff, but the logs don't explain what call to exim triggered the messages.

sealert -l tells me

Raw Audit Messages
type=AVC msg=audit(1500313603.937:268): avc: denied { search } for pid=3097 comm="exim" name="net" dev="proc" ino=7154 scontext=system_u:system_r:exim_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir

type=SYSCALL msg=audit(1500313603.937:268): arch=x86_64 syscall=open success=no exit=EACCES a0=7ff03baef4b0 a1=80000 a2=1b6 a3=24 items=0 ppid=781 pid=3097 auid=4294967295 uid=0 gid=93 euid=0 suid=0 fsuid=0 egid=93 sgid=93 fsgid=93 tty=(none) ses=4294967295 comm=exim exe=/usr/sbin/exim subj=system_u:system_r:exim_t:s0 key=(null)

which doesn't seem to be much help.

Searches turn up two CentOS 7 reports, https://bugs.centos.org/view.php?id=13247 and https://bugs.centos.org/view.php?id=12913, that look as if they might be the same thing with different mta alternatives, but no response to either.

All that the mta is supposed to be doing on these systems is reporting the output of cron jobs, and that appears to be happening correctly, so I am puzzled as to what this is about. I'm not even sure what net directory is being referred to. /proc/net? Does an mta need to look in that directory? I can send mail internally, to and from my local user and root, and that doesn't provoke SELinux messages in the logs.

Any suggestions for where to look?

Thanks,

Stephen Isard
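As an added example (not part of the original post), the following script parses the two raw audit records quoted above, correlates the AVC and SYSCALL lines by their shared audit serial (268), and reduces them to the fields a triager needs: source and target SELinux types, the denied permission, the object (a dir named "net" on the proc filesystem labelled sysctl_net_t), the syscall, and whether the call actually failed (success=no with exit=EACCES, which it does in enforcing mode). The records are a constructed copy of the ones in the post.

```python
"""Correlate and summarize raw SELinux audit records (AVC + SYSCALL) by serial."""
import re

# Constructed copy of the two records quoted in the post, one per line.
RAW_AUDIT = """\
type=AVC msg=audit(1500313603.937:268): avc: denied { search } for pid=3097 comm="exim" name="net" dev="proc" ino=7154 scontext=system_u:system_r:exim_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir
type=SYSCALL msg=audit(1500313603.937:268): arch=x86_64 syscall=open success=no exit=EACCES a0=7ff03baef4b0 a1=80000 a2=1b6 a3=24 items=0 ppid=781 pid=3097 auid=4294967295 uid=0 gid=93 euid=0 suid=0 fsuid=0 egid=93 sgid=93 fsgid=93 tty=(none) ses=4294967295 comm=exim exe=/usr/sbin/exim subj=system_u:system_r:exim_t:s0 key=(null)
"""

HEADER = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')      # key=value or key="quoted value"
PERMS = re.compile(r'denied\s+\{([^}]*)\}')     # the { search } permission set

def parse_record(line):
    """Split one audit line into type, timestamp, serial and a dict of key=value fields."""
    m = HEADER.match(line)
    if not m:
        return None
    rtype, ts, serial, body = m.groups()
    fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
    rec = {'type': rtype, 'time': float(ts), 'serial': int(serial), **fields}
    p = PERMS.search(body)
    if p:
        rec['perms'] = p.group(1).split()
    return rec

def correlate(text):
    """Group records by audit serial so the AVC and SYSCALL lines of one event sit together."""
    events = {}
    for line in text.splitlines():
        rec = parse_record(line)
        if rec:
            events.setdefault(rec['serial'], {})[rec['type']] = rec
    return events

def summarize(event):
    """Reduce one correlated event to the fields needed to decide what was denied and why."""
    avc, sc = event.get('AVC', {}), event.get('SYSCALL', {})
    return {
        'source_type': avc.get('scontext', '').split(':')[2],   # e.g. exim_t
        'target_type': avc.get('tcontext', '').split(':')[2],   # e.g. sysctl_net_t
        'perms': avc.get('perms', []),
        'object': f"{avc.get('tclass')} '{avc.get('name')}' on dev={avc.get('dev')}",
        'syscall': sc.get('syscall'),
        'exe': sc.get('exe'),
        # success=no plus EACCES: the open really failed, i.e. the policy is enforcing.
        'call_failed': sc.get('success') == 'no' and sc.get('exit') == 'EACCES',
    }

if __name__ == '__main__':
    for serial, ev in correlate(RAW_AUDIT).items():
        print(serial, summarize(ev))
```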
