Fix two procmail/sendmail denials #2475
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixes:
type=PROCTITLE msg=audit(08/12/2024 10:52:43.901:605) : proctitle=/usr/bin/procmail -a DEFAULT=/home/bobo/Maildir/ MAILDIR=/home/bobo/Maildir/
type=PATH msg=audit(08/12/2024 10:52:43.901:605) : item=1 name=/lib64/ld-linux-x86-64.so.2 inode=4436472 dev=fd:02 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(08/12/2024 10:52:43.901:605) : item=0 name=/usr/bin/procmail inode=4915653 dev=fd:02 mode=file,755 ouid=root ogid=mail rdev=00:00 obj=system_u:object_r:procmail_exec_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(08/12/2024 10:52:43.901:605) : cwd=/var/spool/postfix
type=EXECVE msg=audit(08/12/2024 10:52:43.901:605) : argc=5 a0=/usr/bin/procmail a1=-a a2= a3=DEFAULT=/home/bobo/Maildir/ a4=MAILDIR=/home/bobo/Maildir/
type=SYSCALL msg=audit(08/12/2024 10:52:43.901:605) : arch=x86_64 syscall=execve success=yes exit=0 a0=0x5639d4f70990 a1=0x5639d4f6f080 a2=0x5639d4f70f10 a3=0x8 items=2 ppid=27104 pid=27106 auid=unset uid=bobo gid=bobo euid=bobo suid=bobo fsuid=bobo egid=bobo sgid=bobo fsgid=bobo tty=(none) ses=unset comm=procmail exe=/usr/bin/procmail subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(08/12/2024 10:52:43.901:605) : avc: denied { read } for pid=27106 comm=procmail path=/etc/aliases.lmdb dev="vda2" ino=2225144 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:etc_aliases_t:s0 tclass=file permissive=0
Resolves: https://issues.redhat.com/browse/RHEL-54014
Signed-off-by: Ondrej Mosnacek <[email protected]>
Fixes:
type=PROCTITLE msg=audit(11/15/2024 02:41:04.796:891) : proctitle=sendmail: startup with localhost
type=MMAP msg=audit(11/15/2024 02:41:04.796:891) : fd=5 flags=MAP_SHARED
type=SYSCALL msg=audit(11/15/2024 02:41:04.796:891) : arch=x86_64 syscall=mmap success=no exit=EACCES(Permission denied) a0=0x0 a1=0x896 a2=PROT_READ a3=MAP_SHARED items=0 ppid=12782 pid=12850 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=smmsp sgid=smmsp fsgid=smmsp tty=(none) ses=unset comm=sendmail exe=/usr/sbin/sendmail.sendmail subj=system_u:system_r:sendmail_t:s0 key=(null)
type=AVC msg=audit(11/15/2024 02:41:04.796:891) : avc: denied { map } for pid=12850 comm=sendmail path=/etc/mail/access.cdb dev="vda2" ino=16783732 scontext=system_u:system_r:sendmail_t:s0 tcontext=unconfined_u:object_r:etc_mail_t:s0 tclass=file permissive=0
Related: https://issues.redhat.com/browse/RHEL-54014
Signed-off-by: Ondrej Mosnacek <[email protected]>
|
Merging, thank you. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.