On 06/17/2016 02:34 AM, Robert Nichols wrote:
On 06/13/2016 09:44 PM, David Highley wrote:
Should we file a report on the issue below?
time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3116): avc: denied { create } for pid=5356 comm="procmail" name="_sTB.NZtXXB.douglas" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3117): avc: denied { create } for pid=5356 comm="procmail" name="spamlog" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3118): avc: denied { create } for pid=5356 comm="procmail" name="_sTB,NZtXXB.douglas" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
time->Mon Jun 13 08:50:37 2016 type=AVC msg=audit(1465833037.215:3119): avc: denied { create } for pid=5356 comm="procmail" name="spamlog" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0 -- selinux mailing list selinux@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/selinux@lists.fedoraproject.org
Here's a 6-year-old thread discussing this same issue. Apparently it's still unresolved since I'm still using the local policy mentioned in the thread.
It is a valid point. Previously, we was not able to fix it in an easy way. Currently, we have filename transitions rules where we can define file type transitions for specific files or directories.
Thank you.
https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.or...