View Issue Details

IDProjectCategoryView StatusLast Update
0017537CentOS-7selinux-policypublic2020-06-24 17:56
Reporterzmilhouse Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
OS Version7 
Summary0017537: SELinux is preventing /usr/sbin/exim from 'write' accesses on the file retry.
DescriptionDescription of problem:
SELinux is preventing /usr/sbin/exim from 'write' accesses on the file retry.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that exim should be allowed write access on the retry file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'exim' --raw | audit2allow -M my-exim
# semodule -i my-exim.pp

Additional Information:
Source Context system_u:system_r:exim_t:s0-s0:c0.c1023
Target Context system_u:object_r:var_spool_t:s0
Target Objects retry [ file ]
Source exim
Source Path /usr/sbin/exim
Port <Unknown>
Host (removed)
Source RPM Packages exim-4.93-5.cp1186.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-266.el7.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name (removed)
Platform Linux (removed) 3.10.0-1127.13.1.el7.x86_64 #1 SMP
                              Tue Jun 23 15:46:38 UTC 2020 x86_64 x86_64
Alert Count 1447
First Seen 2020-06-11 20:45:02 CDT
Last Seen 2020-06-24 12:50:02 CDT
Local ID c949756c-b4c6-4172-a735-915adddf5c55

Raw Audit Messages
type=AVC msg=audit(1593021002.541:330): avc: denied { write } for pid=12436 comm="exim" name="retry" dev="dm-0" ino=103718769 scontext=system_u:system_r:exim_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_spool_t:s0 tclass=file permissive=1

type=SYSCALL msg=audit(1593021002.541:330): arch=x86_64 syscall=open success=yes exit=ECHILD a0=1d13190 a1=2 a2=0 a3=3 items=0 ppid=12429 pid=12436 auid=1014 uid=47 gid=12 euid=47 suid=47 fsuid=47 egid=12 sgid=12 fsgid=12 tty=(none) ses=9 comm=exim exe=/usr/sbin/exim subj=system_u:system_r:exim_t:s0-s0:c0.c1023 key=(null)

Hash: exim,exim_t,var_spool_t,file,write

Version-Release number of selected component:
Additional Informationreporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-1127.13.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2020-06-24 17:56 zmilhouse New Issue