Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 224318 - selinux preventing access to file_t for procmail
Summary: selinux preventing access to file_t for procmail
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 6
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
Depends On:
TreeView+ depends on / blocked
Reported: 2007-01-25 08:31 UTC by Simon Goodall
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-01-25 19:08:22 UTC

Attachments (Terms of Use)
setroubleshooter output. (deleted)
2007-01-25 08:31 UTC, Simon Goodall
no flags Details

Description Simon Goodall 2007-01-25 08:31:46 UTC
Description of problem:
I've been seeing "SELinux is preventing access to files with the label, file_t"
occur quite often in the setroubleshooter browser. It;s always complaining about
procmail. I have preformed its suggested action of relabelling the file system
several times, but I still get this message. I have set selinux to "enforcing".
See attached for the details of the message.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:

Comment 1 Simon Goodall 2007-01-25 08:31:46 UTC
Created attachment 146505 [details]
setroubleshooter output.

Comment 2 Daniel Walsh 2007-01-25 13:00:25 UTC
What file system are you using?

ls -lZ /

Comment 3 Simon Goodall 2007-01-25 13:10:08 UTC
I'm using ext3.

drwxr-xr-x  root root system_u:object_r:bin_t          bin
drwxr-xr-x  root root system_u:object_r:boot_t         boot
drwxr-xr-x  root root system_u:object_r:default_t      data
drwxr-xr-x  root root system_u:object_r:device_t       dev
drwxr-xr-x  root root system_u:object_r:etc_t          etc
drwxr-xr-x  root root system_u:object_r:home_root_t    home
drwxr-xr-x  root root system_u:object_r:lib_t          lib
drwx------  root root system_u:object_r:lost_found_t   lost+found
drwxr-xr-x  root root system_u:object_r:mnt_t          media
drwxr-xr-x  root root system_u:object_r:mnt_t          misc
drwxr-xr-x  root root system_u:object_r:mnt_t          mnt
dr-xr-xr-x  root root system_u:object_r:mnt_t          net
drwxr-xr-x  root root system_u:object_r:usr_t          opt
dr-xr-xr-x  root root system_u:object_r:proc_t         proc
drwxr-xr-x  root root system_u:object_r:default_t      Recycled
drwxr-x---  root root root:object_r:user_home_dir_t    root
drwxr-xr-x  root root system_u:object_r:sbin_t         sbin
drwxr-xr-x  root root system_u:object_r:security_t     selinux
drwxr-xr-x  root root system_u:object_r:var_t          srv
drwxr-xr-x  root root system_u:object_r:sysfs_t        sys
drwxrwxrwt  root root system_u:object_r:tmp_t          tmp
drwxr-xr-x  root root system_u:object_r:usr_t          usr
drwxr-xr-x  root root system_u:object_r:var_t          var

Comment 4 Daniel Walsh 2007-01-25 13:18:16 UTC
The question is what file is labeled file_t?  For some reason a the kernel is
reporting you have  a file with no label on it, and it is not being relabeled.


Comment 5 Simon Goodall 2007-01-25 13:42:10 UTC
doing ls -lZR / | grep ":file_t"  lists files in my home dir, although why does
procmail wants to look there? .procmailrc? This is actually a separate encrypted
ext3 partition I mount using pam_mount. I assume that dev=dm-1 means device mapper?
I guess the relabelling misses this fs. Is there a way to fire off re-labelling
for this device manually?

Comment 6 Daniel Walsh 2007-01-25 14:52:23 UTC
restorecon -R -v /home

Should clean it up. 

Comment 7 Simon Goodall 2007-01-25 15:20:22 UTC
Ok, no more file_t's. Hopefully it'll stay that way.

Note You need to log in before you can comment on or make changes to this bug.