[SOLVED] SELinux warning sending mail in Squirrelmail

Support for security such as Firewalls and securing linux
Locked
chuina
Posts: 355
Joined: 2009/12/11 10:25:56

[SOLVED] SELinux warning sending mail in Squirrelmail

Post by chuina » 2010/03/08 13:21:04

Hello,
I'm getting SELinux warning(!) while sending any mail by Squirrelmail.
But the message reaches its destination.(All users are in same PC) The warning is as below:[code]
Summary:

SELinux is preventing the sendmail from using potentially mislabeled files
(2F746D702F2E4E5350522D41464D2D323538312D383639393132382E30202864656C6574656429).

Detailed Description:

SELinux has denied sendmail access to potentially mislabeled file(s)
(2F746D702F2E4E5350522D41464D2D323538312D383639393132382E30202864656C6574656429).
This means that SELinux will not allow sendmail to use these files. It is common
for users to edit files in their home directory or tmp directories and then move
(mv) them to system directories. The problem is that the files end up with the
wrong file context which confined applications are not allowed to access.

Allowing Access:

If you want sendmail to access this files, you need to relabel them using
restorecon -v
'2F746D702F2E4E5350522D41464D2D323538312D383639393132382E30202864656C6574656429'.
You might want to relabel the entire directory using restorecon -R -v ''.

Additional Information:

Source Context system_u:system_r:system_mail_t
Target Context system_u:object_r:httpd_tmp_t
Target Objects 2F746D702F2E4E5350522D41464D2D323538312D3836393931
32382E30202864656C6574656429 [ file ]
Source sendmail
Source Path /usr/sbin/sendmail.sendmail
Port <Unknown>
Host serverkp.kernelpanic.com
Source RPM Packages sendmail-8.13.8-2.el5
Target RPM Packages
Policy RPM selinux-policy-2.4.6-255.el5
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name home_tmp_bad_labels
Host Name serverkp.kernelpanic.com
Platform Linux serverkp.kernelpanic.com 2.6.18-164.el5 #1
SMP Thu Sep 3 03:33:56 EDT 2009 i686 i686
Alert Count 1
First Seen Mon 08 Mar 2010 05:24:53 PM XXT
Last Seen Mon 08 Mar 2010 07:03:58 PM XXT
Local ID 5eeb1997-ec87-4113-aea6-327a9615d38c
Line Numbers

Raw Audit Messages

host=serverkp.kernelpanic.com type=AVC msg=audit(1268053438.253:66): avc: denied { read write }
for pid=7244 comm="sendmail" path=2F746D702F2E4E5350522D41464D2D323538312D383639393132382E30202864656C6574656429 dev=hda4
ino=4713986 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:httpd_tmp_t:s0 tclass=file

host=serverkp.kernelpanic.com type=SYSCALL msg=audit(1268053438.253:66): arch=40000003 syscall=11
success=yes exit=0 a0=89c6e78 a1=89c7200 a2=89c6f78 a3=40 items=0 ppid=2618 pid=7244
auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=51 sgid=51 fsgid=51 tty=(none)
ses=4294967295 comm="sendmail" exe="/usr/sbin/sendmail.sendmail"
subj=system_u:system_r:system_mail_t:s0 key=(null)
[/code]

The instruction (with those big numbers+chacracters) looks odd and unknown to me so Help nedded.

Thanks.

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

[SOLVED] SELinux warning sending mail in Squirrelmail

Post by pschaff » 2010/03/08 16:17:29

All I can suggest is what the message told you:
[quote]
You might want to relabel the entire directory using restorecon -R -v ''.[/quote]

User avatar
TrevorH
Forum Moderator
Posts: 23676
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: SELinux warning sending mail in Squirrelmail

Post by TrevorH » 2010/03/09 13:08:06

What file system resides on /dev/hda4?

Actually this set of posts looks like your problem:
http://linux.derkeiler.com/Mailing-Lists/Fedora/2008-03/msg01150.html
http://linux.derkeiler.com/Mailing-Lists/Fedora/2008-03/msg01253.html

though yours is slightly different because you are not seeing the geoIP portion of that complaint. Solution should be similar though.

chuina
Posts: 355
Joined: 2009/12/11 10:25:56

Re: SELinux warning sending mail in Squirrelmail

Post by chuina » 2010/03/09 18:07:09

I tried [b]restorecon -R -v ''.[/b] , result same.
Also tried, [b]"touch /.autorelabel ; reboot"[/b] with no luck.

" What file system resides on /dev/hda4? "
[code]sudo mount | grep /dev/hda4
/dev/hda4 on / type ext3 (rw)[/code]

Should I proceed according to the mailing list ? :-?

chuina
Posts: 355
Joined: 2009/12/11 10:25:56

Re: SELinux warning sending mail in Squirrelmail

Post by chuina » 2010/03/09 18:48:36

[quote]
chuina wrote:
Should I proceed according to the mailing list ? :-?[/quote]

Yeah, Why not !?!

So the Solution is:

[code]grep httpd /var/log/audit/audit.log | audit2allow -M myhttp[/code]
Which suggest to give this command:
[code]semodule -i myhttp.pp[/code]

Please mark it as SOLVED.

Thanks [b]Scaffner[/b] and [b]TrevorH[/b] (H == HawkEye) 8-)

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Re: [SOLVED] SELinux warning sending mail in Squirrelmail

Post by pschaff » 2010/03/09 19:06:53

[quote]
chuina wrote:
...
Please mark it as SOLVED.
[/quote]

Done. Thanks for reporting the solution.

bertalanimre
Posts: 140
Joined: 2015/06/02 13:04:03

Re: [SOLVED] SELinux warning sending mail in Squirrelmail

Post by bertalanimre » 2017/12/07 09:21:48

Not resolved my issue while having the same problem :/

User avatar
TrevorH
Forum Moderator
Posts: 23676
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: [SOLVED] SELinux warning sending mail in Squirrelmail

Post by TrevorH » 2017/12/07 10:28:00

Please don't hijack ancient threads from 7 years ago relating to 2 versions before the one you're running, especially when you already have a separate thread in the correct place.

Locked.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

Locked