On 17/07/17 20:15, Stephen Isard wrote: > On two SL7.3 systems where I have set exim as my mta alternative, I am > getting a lot of entries in /var/log/messages saying "SELinux is > preventing /usr/bin/exim from search access on the directory net", with > the usual accompanying "if you believe that exim should be allowed..." > stuff, but the logs don't explain what call to exim triggered the messages. > > Sealert -l tells me > > Raw Audit Messages > type=AVC msg=audit(1500313603.937:268): avc: denied { search } for > pid=3097 comm="exim" name="net" dev="proc" ino=7154 > scontext=system_u:system_r:exim_t:s0 > tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir > > type=SYSCALL msg=audit(1500313603.937:268): arch=x86_64 syscall=open > success=no exit=EACCES a0=7ff03baef4b0 a1=80000 a2=1b6 a3=24 items=0 > ppid=781 pid=3097 auid=4294967295 uid=0 gid=93 euid=0 suid=0 fsuid=0 > egid=93 sgid=93 fsgid=93 tty=(none) ses=4294967295 comm=exim > exe=/usr/sbin/exim subj=system_u:system_r:exim_t:s0 key=(null) > > which doesn't seem to be much help. > > Searches turn up two Centos 7 reports, > https://bugs.centos.org/view.php?id=13247 and > https://bugs.centos.org/view.php?id=12913 that look as if they might be > the same thing with different mta alternatives, but no response to either.
Yes, this is exim trying to read some files in /proc/sys/net, starting with scanning the directory. I'd suggest reporting this as an bug in the Red Hat bug tracker, file it under selinux-policy component - that team should be able to figure out if this is a bug or not. My quick search there didn't turn up anything in particular. -- kind regards, David Sommerseth