[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
yum-cron fails trying to mail a temporary file
- From: Vadym Chepkov <chepkov yahoo com>
- To: fedora-selinux-list redhat com
- Subject: yum-cron fails trying to mail a temporary file
- Date: Sat, 24 Jan 2009 07:18:10 -0800 (PST)
I got an interesting denial which took me a bit to figure out.
type=AVC msg=audit(1232788787.310:1787): avc: denied { read } for pid=9836 comm="mail" path="/var/run/yum-cron.EHQJws" dev=dm-3 ino=77843 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_var_run_t:s0 tclass=file
It comes from yum-cron package. What happens is a script starts from cron and creates a temporary file which inherits directory security context. Later it mails it using redirection syntax:
"mail $MAILTO < $YUMTMP"
mailx transitions to system_mail_t and is denied to read such a temporary file.
I don't think this is a unique script that has similar logic and I suspect some other directory needs to be used, but I didn't find any suitable in sources/sendmail.fc and before I create new type/directory I would like to know maybe there is more proper way to handle cases like this?
Thank you.
Sincerely yours,
Vadym Chepkov
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]