[policy-1.8-19] Running /bin/mail as a sysadm_r user AVCs
- From: Aleksey Nogin <aleksey nogin org>
- To: "Fedora SELinux support list for users & developers." <fedora-selinux-list redhat com>
- Subject: [policy-1.8-19] Running /bin/mail as a sysadm_r user AVCs
- Date: Fri, 19 Mar 2004 01:03:11 -0800

I ran "... | mail -s ... aleksey" while running under sysadm_r and I got:

audit(1079685757.727:0): avc: denied { read } for pid=9687
exe=/usr/sbin/sendmail.sendmail name=self dev= ino=2
scontext=aleksey:sysadm_r:sysadm_mail_t
tcontext=system_u:object_r:proc_t tclass=lnk_file

audit(1079685757.727:0): avc: denied { search } for pid=9687
exe=/usr/sbin/sendmail.sendmail name=9687 dev= ino=634847234
scontext=aleksey:sysadm_r:sysadm_mail_t
tcontext=aleksey:sysadm_r:sysadm_mail_t tclass=dir

audit(1079685757.751:0): avc: denied { dac_override } for pid=9688
exe=/usr/sbin/sendmail.sendmail capability=1
scontext=system_u:system_r:sendmail_t
tcontext=system_u:system_r:sendmail_t tclass=capability

The first one is probably an issue with how the kernel manages /proc -
/proc/self IMHO should not be system_u:object_r:proc_t.

--
Aleksey Nogin
Home Page: http://nogin.org/
E-Mail: nogin cs caltech edu (office), aleksey nogin org (personal)
Office: Jorgensen 70, tel: (626) 395-2907
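
For triage, the three denials quoted in the message above can be reduced to source type, target type, object class and permission. The Python below is an added example, not part of the original post: the function names are hypothetical, and the sample is copied from the message with the archive's line wrapping kept so that the re-joining step is exercised.

```python
import re

# The three denials from the message above, archive line wrapping preserved.
SAMPLE = """\
audit(1079685757.727:0): avc: denied { read } for pid=9687
exe=/usr/sbin/sendmail.sendmail name=self dev= ino=2
scontext=aleksey:sysadm_r:sysadm_mail_t
tcontext=system_u:object_r:proc_t tclass=lnk_file
audit(1079685757.727:0): avc: denied { search } for pid=9687
exe=/usr/sbin/sendmail.sendmail name=9687 dev= ino=634847234
scontext=aleksey:sysadm_r:sysadm_mail_t
tcontext=aleksey:sysadm_r:sysadm_mail_t tclass=dir
audit(1079685757.751:0): avc: denied { dac_override } for pid=9688
exe=/usr/sbin/sendmail.sendmail capability=1
scontext=system_u:system_r:sendmail_t
tcontext=system_u:system_r:sendmail_t tclass=capability
"""
HEADER = re.compile(r"audit\((?P<ts>[\d.]+):\d+\): avc:\s+denied\s+"
                    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")  # value may be empty, as in "dev= "

def split_records(text):
    """Re-join wrapped lines; a new record starts at each 'audit(' line."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("audit("):
            records.append(line)
        elif line and records:          # continuation of the current record
            records[-1] += " " + line
    return records

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context, or None."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(text):
    """Parse every denial in text into a dict of the fields used for triage."""
    out = []
    for m in filter(None, map(HEADER.match, split_records(text))):
        f = dict(FIELD.findall(m["rest"]))
        out.append({
            "perms": m["perms"].split(), "tclass": f.get("tclass"),
            "exe": f.get("exe"), "name": f.get("name"),
            "source_type": selinux_type(f.get("scontext", "")),
            "target_type": selinux_type(f.get("tcontext", "")),
            # True when the denied access targets the domain's own context
            "self_target": "scontext" in f and f["scontext"] == f.get("tcontext"),
        })
    return out
```
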