Re: exim: SELinux
On Mon, Jul 13, 2009 at 5:52 PM, David JM Emmett m...@davidjmemmett.co.uk wrote:
> Don't mean to be completely rude but doesn't this belong on a support forum?

Agree, this does not seem to be related to a system managed by the Infra team. The fedora-list is the appropriate mailing list for this thread.

Didar

___
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: exim: SELinux
On Mon, Jul 13, 2009 at 5:41 AM, Frank Chiulli frankc.fed...@gmail.com wrote:
> Thomas,
> Thanks for the suggestion. Unfortunately it did not work. I'm still getting the same error.
> Frank

Is Exim not executing its job as it is supposed to - as in delivery of mail is hampered by this error? I am no SELinux or Exim expert, but, AFAIK the /boot directory is not supposed to be related to the regular functioning of Exim.

Didar
Re: exim: SELinux
Didar,

Mail is arriving. I just get one SELinux message for every mail message. I agree...exim should not be referencing /boot AFAIK. But I'm not an expert.

Frank

On Mon, Jul 13, 2009 at 2:14 AM, Didar Hossain didar.hoss...@gmail.com wrote:
> On Mon, Jul 13, 2009 at 5:41 AM, Frank Chiulli frankc.fed...@gmail.com wrote:
> > Thomas,
> > Thanks for the suggestion. Unfortunately it did not work. I'm still getting the same error.
> > Frank
>
> Is Exim not executing its job as it is supposed to - as in delivery of mail is hampered by this error? I am no SELinux or Exim expert, but, AFAIK the /boot directory is not supposed to be related to the regular functioning of Exim.
>
> Didar
Re: exim: SELinux
Don't mean to be completely rude but doesn't this belong on a support forum?

On Mon, 2009-07-13 at 05:17 -0700, Frank Chiulli wrote:
> Didar,
>
> Mail is arriving. I just get one SELinux message for every mail message. I agree...exim should not be referencing /boot AFAIK. But I'm not an expert.
>
> Frank
>
> On Mon, Jul 13, 2009 at 2:14 AM, Didar Hossain didar.hoss...@gmail.com wrote:
> > On Mon, Jul 13, 2009 at 5:41 AM, Frank Chiulli frankc.fed...@gmail.com wrote:
> > > Thomas,
> > > Thanks for the suggestion. Unfortunately it did not work. I'm still getting the same error.
> > > Frank
> >
> > Is Exim not executing its job as it is supposed to - as in delivery of mail is hampered by this error? I am no SELinux or Exim expert, but, AFAIK the /boot directory is not supposed to be related to the regular functioning of Exim.
> >
> > Didar
Re: exim: SELinux
On 13 Jul 2009, at 13:17, Frank Chiulli wrote:
> Mail is arriving. I just get one SELinux message for every mail message. I agree...exim should not be referencing /boot AFAIK. But I'm not an expert.

Without having seen the config I can only make wild guesses...

However the wild guess I would make is that exim is doing a check for available space in the spool and log directories, and this is triggering the SELinux check on the statvfs() call. It is a wild guess though :-)

Can you make sure that there are no references to boot in the config files?

Nigel.
--
[ Nigel Metheringham nigel.methering...@intechnology.com ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
exim: SELinux
This is a recently installed/patched F11 system. It was a fresh install to one disk leaving my home directory untouched on another disk. Today, I installed exim and removed sendmail via yum at the command line. I am using the same exim.conf file that I had used with F10 after having compared it to the original one.

I am now receiving the following message when I attempt to retrieve mail from my ISP:

Jul 12 14:26:36 flinux setroubleshoot: SELinux is preventing exim (exim_t) getattr boot_t. For complete SELinux messages. run sealert -l e699bb55-c0dc-4bbf-a57e-3d82d6dadcad

sealert -l e699bb55-c0dc-4bbf-a57e-3d82d6dadcad

Summary:

SELinux is preventing exim (exim_t) getattr boot_t.

Detailed Description:

SELinux denied access requested by exim. It is not expected that this access is required by exim and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information:

Source Context                unconfined_u:system_r:exim_t:s0
Target Context                system_u:object_r:boot_t:s0
Target Objects                /boot [ dir ]
Source                        exim
Source Path                   /usr/sbin/exim
Port                          Unknown
Host                          flinux
Source RPM Packages           exim-4.69-10.fc11
Target RPM Packages           filesystem-2.4.21-1.fc11
Policy RPM                    selinux-policy-3.6.12-62.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     flinux
Platform                      Linux flinux 2.6.29.5-191.fc11.i686.PAE #1 SMP Tue Jun 16 23:19:53 EDT 2009 i686 athlon
Alert Count                   289
First Seen                    Sun Jul 12 14:22:12 2009
Last Seen                     Sun Jul 12 14:23:53 2009
Local ID                      e699bb55-c0dc-4bbf-a57e-3d82d6dadcad
Line Numbers

Raw Audit Messages

node=flinux type=AVC msg=audit(1247433833.210:331): avc: denied { getattr } for pid=2508 comm=exim path=/boot dev=sda1 ino=2 scontext=unconfined_u:system_r:exim_t:s0 tcontext=system_u:object_r:boot_t:s0 tclass=dir

node=flinux type=SYSCALL msg=audit(1247433833.210:331): arch=4003 syscall=195 success=no exit=-13 a0=bfa2e2c2 a1=bfa2e6b8 a2=b7dbfff4 a3=0 items=0 ppid=2447 pid=2508 auid=500 uid=93 gid=93 euid=93 suid=93 fsuid=93 egid=93 sgid=93 fsgid=93 tty=(none) ses=1 comm=exim exe=/usr/sbin/exim subj=unconfined_u:system_r:exim_t:s0 key=(null)

Any thoughts/suggestions?

Thanks,
Frank
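An added example, not part of the original thread: a short Python triage of the two raw audit records quoted in the post above, joining the AVC record to its SYSCALL record by event serial and naming the denied access. The syscall-number table assumes 32-bit x86 (the reported platform is i686), and the function names are this example's own.

```python
import errno
import re
from collections import defaultdict

# The two raw audit records, copied from the sealert output in the post above.
RAW = """\
node=flinux type=AVC msg=audit(1247433833.210:331): avc: denied { getattr } for pid=2508 comm=exim path=/boot dev=sda1 ino=2 scontext=unconfined_u:system_r:exim_t:s0 tcontext=system_u:object_r:boot_t:s0 tclass=dir
node=flinux type=SYSCALL msg=audit(1247433833.210:331): arch=4003 syscall=195 success=no exit=-13 a0=bfa2e2c2 a1=bfa2e6b8 a2=b7dbfff4 a3=0 items=0 ppid=2447 pid=2508 auid=500 uid=93 gid=93 euid=93 suid=93 fsuid=93 egid=93 sgid=93 fsgid=93 tty=(none) ses=1 comm=exim exe=/usr/sbin/exim subj=unconfined_u:system_r:exim_t:s0 key=(null)
"""

# Assumption: 32-bit x86 syscall numbers; only the stat/statfs family is listed.
I386_SYSCALLS = {195: "stat64", 196: "lstat64", 197: "fstat64", 268: "statfs64"}

EVENT_RE = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)")
PERMS_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
KV_RE = re.compile(r"(\w+)=(\S+)")

def parse_events(text):
    """Group audit records by event serial so an AVC sits beside its SYSCALL."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        rtype, _timestamp, serial, body = m.groups()
        fields = dict(KV_RE.findall(body))
        if rtype == "AVC":
            perms = PERMS_RE.search(body)
            fields["perms"] = perms.group(1).split() if perms else []
        events[serial][rtype] = fields
    return events

def summarize(event):
    """Reduce one event to who was denied what, through which syscall."""
    avc, sc = event["AVC"], event.get("SYSCALL", {})
    src = avc["scontext"].split(":")[2]   # type field of user:role:type:level
    tgt = avc["tcontext"].split(":")[2]
    nr = int(sc.get("syscall", -1))
    return {
        "source_type": src, "target_type": tgt, "tclass": avc["tclass"],
        "perms": avc["perms"], "path": avc.get("path"),
        "syscall": I386_SYSCALLS.get(nr, f"#{nr}"),
        "errno": errno.errorcode.get(-int(sc.get("exit", 0)), "?"),
        # The rule a local policy module would have to carry to permit this access.
        "rule": f"allow {src} {tgt}:{avc['tclass']} {{ {' '.join(avc['perms'])} }};",
    }

if __name__ == "__main__":
    for serial, event in parse_events(RAW).items():
        print(serial, summarize(event))
```

Under that assumption, syscall 195 decodes to stat64 and exit=-13 to EACCES: a plain attribute lookup on the /boot directory by a process running as exim_t was refused.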
Re: exim: SELinux
On Monday, 13.07.2009, at 00:04 +0200, Frank Chiulli wrote:
> SELinux is preventing exim (exim_t) getattr boot_t.
>
> Detailed Description:
>
> SELinux denied access requested by exim. It is not expected that this access is required by exim and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
>
> Any thoughts/suggestions?

I once had a similar issue, try:

    touch /.autorelabel
    reboot

-Thomas