-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
David Timms wrote:
Daniel J Walsh wrote:
David Timms wrote:
AFAICS, I haven't made any configs to sendmail, yet I've started to get lots of AVC warnings in setroubleshoot, of three particular types:
1:======== Summary SELinux is preventing the /usr/sbin/sendmail.sendmail from using potentially mislabeled files (<Unknown>).
Detailed Description SELinux has denied /usr/sbin/sendmail.sendmail access to potentially mislabeled file(s) (<Unknown>). This means that SELinux will not allow
A postinstall script has ruined the labeling on your /etc/services file.
# restorecon -v /etc/services will fix
# ls -lZ /etc/services -rw-r--r-- root root unconfined_u:object_r:rpm_script_tmp_t /etc/services Yes, you are correct.
# restorecon -v /etc/services restorecon reset /etc/services context unconfined_u:object_r:rpm_script_tmp_t:s0->system_u:object_r:etc_t:s0
I guess experience rather than reading the troubleshoot message led you to /etc/services ?
Yes, although this is actually a bug in audit/setroubleshoot that is causing the target mislabeled file to be <Unknown> If the frame work had actually specified /etc/services, one of the plugins does a matchpatcon on the file and sees that the file context differs from the default and sets it correctly. Please report this as a bug on setroubleshoot and include the audit messages so we can see why setroubleshoot failed.