Hi
When I try to have procmail deliver my email, I get the following avc messages:
type=AVC msg=audit(1323699624.572:2022): avc: denied { write } for pid=18801 comm="procmail" name="local-mail" dev=sdd10 ino=7471567 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:data_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1323699624.572:2022): arch=c000003e syscall=2 success=no exit=-13 a0=cba680 a1=441 a2=1b7 a3=1 items=0 ppid=18799 pid=18801 auid=4294967295 uid=14060 gid=100 euid=14060 suid=14060 fsuid=14060 egid=100 sgid=100 fsgid=100 tty=(none) ses=4294967295 comm="procmail" exe="/usr/bin/procmail" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1323699624.572:2023): avc: denied { write } for pid=18801 comm="procmail" name="inbox" dev=sdd10 ino=12714135 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:data_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1323699624.572:2023): arch=c000003e syscall=2 success=no exit=-13 a0=cb7b50 a1=c1 a2=1b7 a3=65642d6e697373 items=0 ppid=18799 pid=18801 auid=4294967295 uid=14060 gid=100 euid=14060 suid=14060 fsuid=14060 egid=100 sgid=100 fsgid=100 tty=(none) ses=4294967295 comm="procmail" exe="/usr/bin/procmail" subj=system_u:system_r:procmail_t:s0 key=(null)
I am running Fedora 15 with a KDE 4.7.4 desktop, and am using kmail2. When I try to create and install a local
policy to allow this access, a .pp file is created, but installing fails with the following messages.
libsepol.print_missing_requirements: procmail's global requirements were not met: type/attribute procmail_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule: Failed!
The .pp file is
module procmail 1.0;

require {
	type data_home_t;
	type procmail_t;
	class dir write;
	class file append;
}

#============= procmail_t ==============
#!!!! The source type 'procmail_t' can write to a 'dir' of the following types:
# user_home_t, var_log_t, procmail_log_t, user_home_dir_t, tmp_t, mail_spool_t, nfs_t
allow procmail_t data_home_t:dir write;
allow procmail_t data_home_t:file append;
I can relabel the mail directory as user_home_t, and procmail works, but I haven't found how to make the
relabel survive a general machine relabel. Any help would be appreciated.
--
Lester M Petrie
865-574-5259
petrielmjr@xxxxxxxx
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
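Added example, not part of the original message: a small Python parser that reads the two AVC records quoted in the post and derives the type-enforcement rule they correspond to, showing how scontext, tcontext, tclass and the denied permission map onto an allow line. The function names (parse_avc, allow_rules) are hypothetical and this is not how audit2allow itself is implemented.

```python
import re
from collections import defaultdict

# The two AVC records quoted in the post (their SYSCALL companions are left out).
AUDIT_LINES = [
    'type=AVC msg=audit(1323699624.572:2022): avc: denied { write } for pid=18801 comm="procmail" name="local-mail" dev=sdd10 ino=7471567 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:data_home_t:s0 tclass=dir',
    'type=AVC msg=audit(1323699624.572:2023): avc: denied { write } for pid=18801 comm="procmail" name="inbox" dev=sdd10 ino=12714135 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:data_home_t:s0 tclass=dir',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def context_type(ctx):
    """Return the type field of a user:role:type:level security context."""
    parts = ctx.split(':')
    if len(parts) < 3:
        raise ValueError('not a security context: %r' % ctx)
    return parts[2]


def parse_avc(line):
    """Parse one audit line; return a dict for AVC denials, None otherwise."""
    match = AVC_RE.search(line)
    if not line.startswith('type=AVC') or match is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(match.group('fields'))}
    try:
        return {
            'perms': match.group('perms').split(),
            'comm': fields.get('comm'),
            'name': fields.get('name'),
            'source': context_type(fields['scontext']),
            'target': context_type(fields['tcontext']),
            'tclass': fields['tclass'],
        }
    except (KeyError, ValueError):
        return None  # truncated or malformed record


def allow_rules(lines):
    """Merge denials by (source type, target type, class) into allow rules."""
    grouped = defaultdict(set)
    for rec in filter(None, map(parse_avc, lines)):
        grouped[(rec['source'], rec['target'], rec['tclass'])].update(rec['perms'])
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        text = p[0] if len(p) == 1 else '{ ' + ' '.join(p) + ' }'
        rules.append('allow %s %s:%s %s;' % (src, tgt, cls, text))
    return rules
```

Calling allow_rules(AUDIT_LINES) merges both denials, which differ only in the directory name, into one rule.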