fedora-selinux August 2010 archive
Main Archive Page > Month Archives  > fedora-selinux archives
fedora-selinux: Re: A sendmail problem

Re: A sendmail problem

From: Daniel J Walsh <dwalsh_at_nospam>
Date: Tue Aug 10 2010 - 15:15:09 GMT
To: m.roth@5-cent.us

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/10/2010 09:38 AM, m.roth@5-cent.us wrote:
> The last few days - I think there was a policy update to FC13 - I started
> seeing
> /etc/cron.daily/0logwatch:
>>
>> Can't exec "sendmail": Permission denied at /usr/sbin/logwatch line
>> 1032, <TESTFILE> line 2.
>> Can't execute sendmail -t: Permission denied
>
> Mentioned this to my manager, and he didn't see anything in messages, but
> saw this audit message:
>
> type=SELINUX_ERR msg=audit(1281423963.394:71003):
> security_compute_sid: invalid context
> system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 for
> scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:sendmail_exec_t:s0 tclass=process
>
> Why would a policy prevent logwatch from using sendmail to forward a log?
>
> mark
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
It is a bug. Please update to the latest selinux-policy in testing

yum update selinux-policy-targeted --enablerepo=updates-testing
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxhbP0ACgkQrlYvE4MpobPzxgCgjZLd8XzLtw3qMlgptsO8UCVz
u6gAoNND4ZEqTCutI1U+5KmEhqSxuyas
=nH9B
-----END PGP SIGNATURE-----
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux