[SOLVED] SELinux warning sending mail in Squirrelmail

Support for security such as Firewalls and securing linux
chuina
Posts: 355
Joined: 2009/12/11 10:25:56

[SOLVED] SELinux warning sending mail in Squirrelmail

Postby chuina » 2010/03/08 13:21:04

Hello,
I'm getting SELinux warning(!) while sending any mail by Squirrelmail.
But the message reaches its destination.(All users are in same PC) The warning is as below:

Code: Select all

 
Summary:

SELinux is preventing the sendmail from using potentially mislabeled files
(2F746D702F2E4E5350522D41464D2D323538312D383639393132382E30202864656C6574656429).

Detailed Description:

SELinux has denied sendmail access to potentially mislabeled file(s)
(2F746D702F2E4E5350522D41464D2D323538312D383639393132382E30202864656C6574656429).
This means that SELinux will not allow sendmail to use these files. It is common
for users to edit files in their home directory or tmp directories and then move
(mv) them to system directories. The problem is that the files end up with the
wrong file context which confined applications are not allowed to access.

Allowing Access:

If you want sendmail to access this files, you need to relabel them using
restorecon -v
'2F746D702F2E4E5350522D41464D2D323538312D383639393132382E30202864656C6574656429'.
You might want to relabel the entire directory using restorecon -R -v ''.

Additional Information:

Source Context                system_u:system_r:system_mail_t
Target Context                system_u:object_r:httpd_tmp_t
Target Objects                2F746D702F2E4E5350522D41464D2D323538312D3836393931
                              32382E30202864656C6574656429 [ file ]
Source                        sendmail
Source Path                   /usr/sbin/sendmail.sendmail
Port                          <Unknown>
Host                          serverkp.kernelpanic.com
Source RPM Packages           sendmail-8.13.8-2.el5
Target RPM Packages           
Policy RPM                    selinux-policy-2.4.6-255.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   home_tmp_bad_labels
Host Name                     serverkp.kernelpanic.com
Platform                      Linux serverkp.kernelpanic.com 2.6.18-164.el5 #1
                              SMP Thu Sep 3 03:33:56 EDT 2009 i686 i686
Alert Count                   1
First Seen                    Mon 08 Mar 2010 05:24:53 PM XXT
Last Seen                     Mon 08 Mar 2010 07:03:58 PM XXT
Local ID                      5eeb1997-ec87-4113-aea6-327a9615d38c
Line Numbers                 

Raw Audit Messages           

host=serverkp.kernelpanic.com type=AVC msg=audit(1268053438.253:66): avc:  denied  { read write }
for  pid=7244 comm="sendmail" path=2F746D702F2E4E5350522D41464D2D323538312D383639393132382E30202864656C6574656429 dev=hda4
ino=4713986 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:httpd_tmp_t:s0 tclass=file

host=serverkp.kernelpanic.com type=SYSCALL msg=audit(1268053438.253:66): arch=40000003 syscall=11
success=yes exit=0 a0=89c6e78 a1=89c7200 a2=89c6f78 a3=40 items=0 ppid=2618 pid=7244
auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=51 sgid=51 fsgid=51 tty=(none)
ses=4294967295 comm="sendmail" exe="/usr/sbin/sendmail.sendmail"
subj=system_u:system_r:system_mail_t:s0 key=(null)


The instruction (with those big numbers+chacracters) looks odd and unknown to me so Help nedded.

Thanks.

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

[SOLVED] SELinux warning sending mail in Squirrelmail

Postby pschaff » 2010/03/08 16:17:29

All I can suggest is what the message told you:
You might want to relabel the entire directory using restorecon -R -v ''.

User avatar
TrevorH
Forum Moderator
Posts: 21183
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: SELinux warning sending mail in Squirrelmail

Postby TrevorH » 2010/03/09 13:08:06

What file system resides on /dev/hda4?

Actually this set of posts looks like your problem:
http://linux.derkeiler.com/Mailing-List ... 01150.html
http://linux.derkeiler.com/Mailing-List ... 01253.html

though yours is slightly different because you are not seeing the geoIP portion of that complaint. Solution should be similar though.

chuina
Posts: 355
Joined: 2009/12/11 10:25:56

Re: SELinux warning sending mail in Squirrelmail

Postby chuina » 2010/03/09 18:07:09

I tried restorecon -R -v ''. , result same.
Also tried, "touch /.autorelabel ; reboot" with no luck.

" What file system resides on /dev/hda4? "

Code: Select all

sudo mount | grep /dev/hda4
/dev/hda4 on / type ext3 (rw)


Should I proceed according to the mailing list ? :-?

chuina
Posts: 355
Joined: 2009/12/11 10:25:56

Re: SELinux warning sending mail in Squirrelmail

Postby chuina » 2010/03/09 18:48:36

chuina wrote:
Should I proceed according to the mailing list ? :-?


Yeah, Why not !?!

So the Solution is:

Code: Select all

grep httpd /var/log/audit/audit.log | audit2allow -M myhttp

Which suggest to give this command:

Code: Select all

semodule -i myhttp.pp


Please mark it as SOLVED.

Thanks Scaffner and TrevorH (H == HawkEye) 8-)

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Re: [SOLVED] SELinux warning sending mail in Squirrelmail

Postby pschaff » 2010/03/09 19:06:53

chuina wrote:
...
Please mark it as SOLVED.


Done. Thanks for reporting the solution.

bertalanimre
Posts: 135
Joined: 2015/06/02 13:04:03

Re: [SOLVED] SELinux warning sending mail in Squirrelmail

Postby bertalanimre » 2017/12/07 09:21:48

Not resolved my issue while having the same problem :/

User avatar
TrevorH
Forum Moderator
Posts: 21183
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: [SOLVED] SELinux warning sending mail in Squirrelmail

Postby TrevorH » 2017/12/07 10:28:00

Please don't hijack ancient threads from 7 years ago relating to 2 versions before the one you're running, especially when you already have a separate thread in the correct place.

Locked.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke