Selinux and exim
Frank Chiulli
frankc.fedora at gmail.com
Thu Sep 6 14:40:50 UTC 2007
On 9/4/07, Daniel J Walsh <dwalsh at redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Frank Chiulli wrote:
> > I have been the messages below for awhile. But since everything seems
> > to be working, I just ignored them. But now I've decided to fix them.
> > I tried:
> > touch /.autorelabel
> > reboot
> >
> > But that did not fix it. Does anyone have any suggestions?
> >
> > Messages:
> > avc: denied { append } for comm="sendmail" dev=hda2 egid=93 euid=93
> > exe="/usr/sbin/exim" exit=-13 fsgid=93 fsuid=93 gid=93 items=0
> > name="main.log" pid=7094
> > scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 sgid=93
> > subj=system_u:system_r:system_mail_t:s0-s0:c0.c1023 suid=93
> > tclass=file tcontext=user_u:object_r:var_log_t:s0 tty=(none) uid=93
> >
> > avc: denied { append } for comm="sendmail" dev=hda2 egid=93 euid=93
> > exe="/usr/sbin/exim" exit=-13 fsgid=93 fsuid=93 gid=93 items=0
> > name="panic.log" pid=7094
> > scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 sgid=93
> > subj=system_u:system_r:system_mail_t:s0-s0:c0.c1023 suid=93
> > tclass=file tcontext=system_u:object_r:var_log_t:s0 tty=(none) uid=93
> >
> >
> > More info:
> > ls -Z /usr/sbin/exim
> > -rwsr-xr-x root root system_u:object_r:sendmail_exec_t /usr/sbin/exim
> >
> > ls -Z /var/log/exim/panic.log
> > -rw-r----- exim exim system_u:object_r:var_log_t /var/log/exim/panic.log
> >
> > ls -Z /var/log/exim/main.log
> > -rw-r----- exim exim user_u:object_r:var_log_t /var/log/exim/main.log
> >
> > Thanks,
> > Frank
> >
> If you change the context of /var/log/exim to sendmail_log_t, it will
> probably work.
>
> # semanage fcontext -a -t sendmail_log_t '/var/log/exim(/.*)?'
> # restorecon -R -v /var/log/exim
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iD8DBQFG3iPqrlYvE4MpobMRAo6dAKCblxqopFd4eRQFNI0SQ/7wvUF8pwCfU2pZ
> VpRE2Y2O26NmgVQpvXOi094=
> =NYgJ
> -----END PGP SIGNATURE-----
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>
Daniel,
I've made the changes and so far so good. I say that because I don't
receive the messages all the time. I think it's tied to a cron job
but have never figured out if that's true.
Thanks for the help,
Frank
More information about the fedora-list
mailing list