SE Linux errors

Don Russell fedora at drussell.dnsalias.com
Sat Sep 15 17:39:29 UTC 2007


I've finally decided to see if I can get rid of all my SELinux errors. 
A great help in this was installing the setroubleshoot package.

This is on FC7...

I am unable to get rid of the following error regarding fetchmail not 
being able to access .fetchmailrc in home directories.

I have used the suggested commands to "relabel" things... but the error 
messages persist. :-(

What am I missing?

Summary
SELinux is preventing the /usr/bin/fetchmail from using potentially 
mislabeled files (/home/don/.fetchmailrc).
Detailed Description
SELinux has denied /usr/bin/fetchmail access to potentially mislabeled 
file(s) (/home/don/.fetchmailrc). This means that SELinux will not allow 
/usr/bin/fetchmail to use these files. It is common for users to edit 
files in their home directory or tmp directories and then move (mv) them 
to system directories. The problem is that the files end up with the 
wrong file context which confined applications are not allowed to access.
Allowing Access
If you want /usr/bin/fetchmail to access this files, you need to relabel 
them using restorecon -v /home/don/.fetchmailrc. You might want to 
relabel the entire directory using restorecon -R -v /home/don.
Additional Information

Source Context:   	system_u:system_r:fetchmail_t
Target Context:   	user_u:object_r:user_home_t
Target Objects:   	/home/don/.fetchmailrc [ file ]
Affected RPM Packages:   	fetchmail-6.3.7-2.fc7 [application]
Policy RPM:   	selinux-policy-2.6.4-40.fc7
Selinux Enabled:   	True
Policy Type:   	targeted
MLS Enabled:   	True
Enforcing Mode:   	Permissive
Plugin Name:   	plugins.home_tmp_bad_labels
Host Name:   	boris
Platform:   	Linux boris 2.6.22.5-76.fc7 #1 SMP Thu Aug 30 13:47:21 EDT 
2007 i686 i686
Alert Count:   	45
First Seen:   	Wed Sep 12 22:16:56 2007
Last Seen:   	Sat Sep 15 08:36:21 2007
Local ID:   	85646638-60c7-4360-98aa-96a137eb018a
Line Numbers:   	

Raw Audit Messages :

avc: denied { getattr } for comm="fetchmail" dev=dm-0 egid=500 euid=500 
exe="/usr/bin/fetchmail" exit=0 fsgid=500 fsuid=500 gid=500 items=0 
name=".fetchmailrc" path="/home/don/.fetchmailrc" pid=2969 
scontext=system_u:system_r:fetchmail_t:s0 sgid=500 
subj=system_u:system_r:fetchmail_t:s0 suid=500 tclass=file 
tcontext=user_u:object_r:user_home_t:s0 tty=(none) uid=500
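
An added example, not part of the original post or of setroubleshoot's output: a short Python parser that reduces the raw audit message quoted above to the source type, target type, object class and permissions, and renders the type-enforcement rule the denial corresponds to, in the form audit2allow prints. The function names (`split_context`, `parse_avc`, `te_rule`) are hypothetical.

```python
import re

# Raw audit message from the post, kept with its wrapped e-mail line breaks.
RAW_AVC = """avc: denied { getattr } for comm="fetchmail" dev=dm-0 egid=500 euid=500
exe="/usr/bin/fetchmail" exit=0 fsgid=500 fsuid=500 gid=500 items=0
name=".fetchmailrc" path="/home/don/.fetchmailrc" pid=2969
scontext=system_u:system_r:fetchmail_t:s0 sgid=500
subj=system_u:system_r:fetchmail_t:s0 suid=500 tclass=file
tcontext=user_u:object_r:user_home_t:s0 tty=(none) uid=500"""

HEAD_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_context(ctx):
    """Split user:role:type[:level]; an MLS level may itself contain colons."""
    user, role, setype, *level = ctx.split(":", 3)
    return {"user": user, "role": role, "type": setype,
            "level": level[0] if level else None}

def parse_avc(message):
    """Return the decision, permissions, contexts and class of one AVC record."""
    text = " ".join(message.split())          # undo line wrapping
    head = HEAD_RE.search(text)
    if head is None:
        raise ValueError("not an AVC message")
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(text[head.end():])}
    missing = [k for k in ("scontext", "tcontext", "tclass") if k not in fields]
    if missing:
        raise ValueError("AVC message lacks: " + ", ".join(missing))
    return {"decision": head.group(1),
            "perms": head.group(2).split(),
            "source": split_context(fields["scontext"]),
            "target": split_context(fields["tcontext"]),
            "tclass": fields["tclass"],
            "path": fields.get("path")}

def te_rule(avc):
    """Render the access vector as a type-enforcement rule (audit2allow style)."""
    perms = avc["perms"]
    perm_str = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "allow {} {}:{} {};".format(
        avc["source"]["type"], avc["target"]["type"], avc["tclass"], perm_str)

if __name__ == "__main__":
    record = parse_avc(RAW_AVC)
    print(record["decision"], record["path"])
    print(te_rule(record))
```

The rule string is only a compact way to read the denial: which domain asked for which permission on which file type.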
