-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
For two days, I've been receiving notices from setroubleshooter about
sendmail and "unknown file". Today, after the pam update, I rebooted
and saw sendmail fail to start due to a problem with "services".
Feb 26 06:55:50 sds-desk setroubleshoot: #012 SELinux is preventing
the /usr/sbin/sendmail.sendmail from using potentially mislabeled files
(<Unknown>).#012
Feb 26 07:04:35 sds-desk setroubleshoot: #012 SELinux is preventing
the /usr/sbin/sendmail.sendmail from using potentially mislabeled files
(/etc/services).#012
I used
~ grep sendmail /var/log/audit/audit.log | audit2allow -M sendmail
to generate a policy to fix this. Was this the right thing to do? And
what caused sendmail and selinux to suddenly have a problem?
sendmail.te:
module sendmail 1.0;
require {
~ type initrc_tmp_t;
~ type rpm_script_tmp_t;
~ type system_mail_t;
~ type unconfined_home_t;
~ type sendmail_t;
~ type unconfined_home_dir_t;
~ type var_t;
~ class process setrlimit;
~ class dir { getattr search };
~ class file { write getattr read ioctl };
}
#============= sendmail_t ==============
allow sendmail_t initrc_tmp_t:file { read write getattr ioctl };
allow sendmail_t rpm_script_tmp_t:file read;
allow sendmail_t self:process setrlimit;
allow sendmail_t unconfined_home_dir_t:dir { getattr search };
allow sendmail_t unconfined_home_t:file { read getattr };
allow sendmail_t var_t:file { read write };
#============= system_mail_t ==============
allow system_mail_t rpm_script_tmp_t:file read;
- --
~ Steve
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFHxBKueERILVgMyvARAvE6AJ49qi30dYDaPPmEWAcXZCK3Sf+i+ACeLgYa
GsbDrhehWXwG+MMxAEoNHXc=
=uKfC
-----END PGP SIGNATURE-----
