-
Bug
-
Resolution: Done-Errata
-
Normal
-
rhel-8.8.0
-
None
-
selinux-policy-3.14.3-131.el8
-
None
-
Medium
-
sst_security_selinux
-
ssg_security
-
11
-
None
-
QE ack
-
False
-
-
No
-
Red Hat Enterprise Linux
-
None
-
-
Pass
-
Automated
-
None
What were you trying to do that didn't work?
exim is shipped by EPEL and can replace postfix as sendmail utility. Its policy is embedded in the standard policy package.
When a customer uses exim, it appears that exim cannot create its working directory /var/spool/exim/input/<letter>/ which do not always already exist.
AVC is shown below:
type=AVC ...: avc: denied { create } for pid=228537 comm="sendmail" name="v" scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:exim_spool_t:s0 tclass=dir permissive=0
type=SYSCALL ...: arch=x86_64 syscall=mkdir success=no exit=EACCES ... comm=sendmail exe=/usr/sbin/exim subj=system_u:system_r:system_mail_t:s0-s0:c0.c1023 key=(null)
type=CWD ...: cwd=/var/spool/exim
type=PATH ...: item=0 name=/var/spool/exim/input/ inode=14215397 dev=fd:06 mode=040750 ouid=93 ogid=93 rdev=00:00 obj=system_u:object_r:exim_spool_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH ...: item=1 name=/var/spool/exim/input/v nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
The root cause is missing rules to manipulate its own directories, following is missing:
manage_dirs_pattern(system_mail_t, exim_spool_t, exim_spool_t)
Please provide the package NVR for which bug is seen:
selinux-policy-3.14.3-117.el8_8.3.noarch
selinux-policy-38.1.11-2.el9_2.4.noarch
How reproducible:
Always but didn't try, just use exim instead of postfix as sendmail alternative.
- clones
-
-
- Closed
-
- impacts account
-
-
- Closed
-
- links to
-
RHBA-2023:121335
selinux-policy bug fix and enhancement update
- mentioned on
