View Issue Details

ID: 0014012
Project: CentOS-7
Category: selinux-policy
View Status: public
Last Update: 2017-11-29 21:23
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Platform:
OS:
OS Version: 7
Product Version:
Target Version:
Fixed in Version:
Summary: 0014012: SELinux is preventing /usr/sbin/sendmail.sendmail from 'search' accesses on the directory net.
Description:
Description of problem:
Did a CentOS 7 install on VirtualBox a few days back. SELinux-policy was corrupted after a few reboots. Reinstalled it via yum after booting from GRUB with selinux 0. Today tried to sudo yum install sendmail, and this alert popped up and prompted me to report this as a bug.
SELinux is preventing /usr/sbin/sendmail.sendmail from 'search' accesses on the directory net.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that sendmail.sendmail should be allowed search access on the net directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'newaliases' --raw | audit2allow -M my-newaliases
# semodule -i my-newaliases.pp

Additional Information:
Source Context unconfined_u:unconfined_r:system_mail_t:s0-s0:c0.c
Target Context system_u:object_r:sysctl_net_t:s0
Target Objects net [ dir ]
Source newaliases
Source Path /usr/sbin/sendmail.sendmail
Port <Unknown>
Host (removed)
Source RPM Packages sendmail-8.14.7-5.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-166.el7_4.4.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-693.2.2.el7.x86_64 #1 SMP
                              Tue Sep 12 22:26:13 UTC 2017 x86_64 x86_64
Alert Count 1
First Seen 2017-10-13 19:30:15 IST
Last Seen 2017-10-13 19:30:15 IST
Local ID 5ad0466d-5021-4588-bb65-817e3745b5b9

Raw Audit Messages
type=AVC msg=audit(1507903215.712:3889): avc: denied { search } for pid=16255 comm="newaliases" name="net" dev="proc" ino=2513747 scontext=unconfined_u:unconfined_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir

type=SYSCALL msg=audit(1507903215.712:3889): arch=x86_64 syscall=open success=no exit=EACCES a0=7f0ef6a474b0 a1=80000 a2=1b6 a3=24 items=0 ppid=16253 pid=16255 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=pts0 ses=1 comm=newaliases exe=/usr/sbin/sendmail.sendmail subj=unconfined_u:unconfined_r:system_mail_t:s0-s0:c0.c1023 key=(null)

Hash: newaliases,system_mail_t,sysctl_net_t,dir,search

Version-Release number of selected component:
Additional Information:
reporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-693.2.2.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
Tags: No tags attached.

2017-11-29 21:23   reporter   ~0030680

Same issue here:
SELinux is preventing /usr/sbin/sendmail.sendmail from search access on the directory net.
SELinux is preventing sendmail from read access on the file disable_ipv6.
SELinux is preventing sendmail from open access on the file /proc/sys/net/ipv6/conf/all/disable_ipv6.
SELinux is preventing /usr/sbin/sendmail.sendmail from getattr access on the file /proc/sys/net/ipv6/conf/all/disable_ipv6.

Issue History

Date Modified Username Field Change
2017-10-13 14:06 debi148 New Issue
2017-11-29 21:23 BlueH2O Note Added: 0030680