Antonio Olivares wrote:
--- Don Russell <fedora@xxxxxxxxxxxxxxxxxxxxx> wrote:
I've finally decided to see if I can get rid of all
my SELinux errors.
A great help in this was installed the
setroubleshoot package.
This is on FC7...
I am unable to get rid of the following error
regarding fetchmail not
being able to access .fetchmailrc in home
directories.
I have used the suggested commands to "relabel"
things... but the error
messages persist. :-(
What am I missing?
Summary
SELinux is preventing the /usr/bin/fetchmail from
using potentially
mislabeled files (/home/don/.fetchmailrc).
Detailed Description
SELinux has denied /usr/bin/fetchmail access to
potentially mislabeled
file(s) (/home/don/.fetchmailrc). This means that
SELinux will not allow
/usr/bin/fetchmail to use these files. It is common
for users to edit
files in their home directory or tmp directories and
then move (mv) them
to system directories. The problem is that the files
end up with the
wrong file context which confined applications are
not allowed to access.
Allowing Access
If you want /usr/bin/fetchmail to access this files,
you need to relabel
them using restorecon -v /home/don/.fetchmailrc. You
might want to
relabel the entire directory using restorecon -R -v
/home/don.
Additional Information
Source Context: system_u:system_r:fetchmail_t
Target Context: user_u:object_r:user_home_t
Target Objects: /home/don/.fetchmailrc [ file ]
Affected RPM Packages: fetchmail-6.3.7-2.fc7
[application]
Policy RPM: selinux-policy-2.6.4-40.fc7
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Permissive
Plugin Name: plugins.home_tmp_bad_labels
Host Name: boris
Platform: Linux boris 2.6.22.5-76.fc7 #1 SMP Thu
Aug 30 13:47:21 EDT
2007 i686 i686
Alert Count: 45
First Seen: Wed Sep 12 22:16:56 2007
Last Seen: Sat Sep 15 08:36:21 2007
Local ID: 85646638-60c7-4360-98aa-96a137eb018a
Line Numbers:
Raw Audit Messages :
avc: denied { getattr } for comm="fetchmail"
dev=dm-0 egid=500 euid=500
exe="/usr/bin/fetchmail" exit=0 fsgid=500 fsuid=500
gid=500 items=0
name=".fetchmailrc" path="/home/don/.fetchmailrc"
pid=2969
scontext=system_u:system_r:fetchmail_t:s0 sgid=500
subj=system_u:system_r:fetchmail_t:s0 suid=500
tclass=file
tcontext=user_u:object_r:user_home_t:s0 tty=(none)
uid=500
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-list
Don,
I am no expert here on selinux, but when I have run
into problems with it, I try the suggestions:
# restorecon -v /home/don/.fetchmailrc.
Did that.. it was suggested in the message fro the troubleshoot package...
You might want to
relabel the entire directory using
# restorecon -R -v /home/don.
Ditto....
If this do not work like you are stating, the next
step is to try the two commands as su - SuperUser
Mode:
# touch ./autorelabel
# reboot
Ah ha! Thank you.... I did that last night, and this morning those
message have stopped.
Thank you. :-)
and if that does not work check the selinux policy to
see that it is the latest one. Selinux is difficult
many times, but there are some kind users on this list
and the fedora-selinux-list that are very helpful.
You may also read the pages on the Wiki
http://fedoraproject.org/wiki/SELinux
http://fedoraproject.org/wiki/SELinux/Troubleshooting
If you have set the selinux mode to permissive and
then made the respective changes that the
setroubleshoter encouraged you to do and then started
selinux in enforcing mode and you get denied avcs
again, you may need to file a bug report against the
package(s)
fetchmail-6.3.7-2.fc7 or
Policy RPM: selinux-policy-2.6.4-40.fc7
Regards,
Antonio
____________________________________________________________________________________
Need a vacation? Get great deals
to amazing places on Yahoo! Travel.
http://travel.yahoo.com/