procmail

Stephen Smalley sds at tycho.nsa.gov
Tue May 16 16:54:54 UTC 2006


On Tue, 2006-05-16 at 17:38 +0100, Paul Howarth wrote:
> I think I'm nearly there now as the procmail avcs are now few and far 
> between. I just got one I don't understand though:
> 
> type=AVC msg=audit(1147796926.268:24816): avc:  denied  { associate } 
> for  pid=27085 comm="bounced-mail" name="bm27083.1" 
> scontext=user_u:object_r:procmail_tmp_t:s0 
> tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
> type=SYSCALL msg=audit(1147796926.268:24816): arch=40000003 syscall=5 
> success=yes exit=3 a0=92962d0 a1=8241 a2=1b6 a3=8241 items=1 pid=27085 
> auid=4294967295 uid=502 gid=502 euid=502 suid=502 fsuid=502 egid=502 
> sgid=502 fsgid=502 comm="bounced-mail" exe="/bin/bash"
> type=CWD msg=audit(1147796926.268:24816):  cwd="/home/mcivta/mail"
> type=PATH msg=audit(1147796926.268:24816): item=0 name="/tmp/bm27083.1" 
> flags=310  inode=2 dev=fd:02 mode=041777 ouid=0 ogid=0 rdev=00:00
> 
> (this is in permissive mode btw)
> 
> What's being denied here?

The file type (procmail_tmp_t) hasn't been allowed to be associated with
the filesystem type (fs_t).  Add:
	files_type(procmail_tmp_t)
to your module source.

-- 
Stephen Smalley
National Security Agency
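
The following is an added example, not part of the original message or of anyone's policy module: a small Python triage helper that parses an AVC record like the one quoted above, recognises an `associate` denial on class `filesystem`, and returns the `files_type()` line for the offending type. The function names are hypothetical, and the sample is the quoted record joined onto one line.

```python
import re

# Constructed sample: the AVC record quoted in the thread, joined onto one line.
SAMPLE = (
    'type=AVC msg=audit(1147796926.268:24816): avc:  denied  { associate } '
    'for  pid=27085 comm="bounced-mail" name="bm27083.1" '
    'scontext=user_u:object_r:procmail_tmp_t:s0 '
    'tcontext=system_u:object_r:fs_t:s0 tclass=filesystem'
)

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the denial's permissions and key=value fields, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    fields['perms'] = m.group('perms').split()
    return fields


def context_type(context):
    """Extract the type (third component) from user:role:type[:level]."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else None


def suggest_files_type(line):
    """For an 'associate' denial on class filesystem, return the policy line
    that declares the file's type as a file type; otherwise return None."""
    avc = parse_avc(line)
    if not avc or avc.get('tclass') != 'filesystem':
        return None
    if 'associate' not in avc['perms']:
        return None
    # In this denial, scontext is the label of the file being created and
    # tcontext is the label of the filesystem it lives on.
    ftype = context_type(avc.get('scontext', ''))
    return f'files_type({ftype})' if ftype else None


if __name__ == '__main__':
    print(suggest_files_type(SAMPLE))
```
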




More information about the fedora-selinux-list mailing list