Package: selinux-policy-default
Version: 2:0.0.20080702-6
Followup-For: Bug #473043
Running mailq does not work for any user role (user_r, staff_r,
sysadm_r, unconfined_r)
debian:/# id
uid=0(root) gid=0(root) groups=0(root) context=root:sysadm_r:sysadm_t:s0
debian:/# mailq
mailq: fatal: execv /usr/sbin/postqueue: Permission denied
A similar invalid context message is logged for all the roles.
security_compute_sid: invalid context root:sysadm_r:postfix_postqueue_t:s0
for
scontext=root:sysadm_r:sysadm_mail_t:s0
tcontext=system_u:object_r:postfix_postqueue_exec_t:s0 tclass=process
Less important to me, but still bad: unconfined_r cannot send mail with
/usr/bin/mail.
[EMAIL PROTECTED]:~$ id
uid=1002(xunc) gid=1002(xunc) groups=1002(xunc)
context=unconfined_u:unconfined_r:unconfined_t:s0
[EMAIL PROTECTED]:~$ echo Test | mail -s "Test message" root
send-mail: fatal: execvp /usr/sbin/postdrop: Permission denied
send-mail: warning: command "/usr/sbin/postdrop -r" exited with status 1
send-mail: fatal: xunc(1002): unable to execute /usr/sbin/postdrop -r:
Success
Can't send mail: sendmail process failed with error code 75
security_compute_sid: invalid context
unconfined_u:unconfined_r:postfix_postdrop_t:s0 for
scontext=unconfined_u:unconfined_r:unconfined_mail_t:s0
tcontext=system_u:object_r:postfix_postdrop_exec_t:s0 tclass=process
Other roles do not have this particular problem.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.25-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages selinux-policy-default depends on:
ii libpam-modules 1.0.1-3 Pluggable Authentication Modules f
ii libselinux1 2.0.65-2 SELinux shared libraries
ii libsepol1 2.0.30-2 Security Enhanced Linux policy lib
ii policycoreutils 2.0.49-5 SELinux core policy utilities
ii python 2.5.2-2 An interactive high-level object-o
Versions of packages selinux-policy-default recommends:
ii checkpolicy 2.0.16-1 SELinux policy compiler
ii setools 2.4-3 Tresys tools for managing Security
Versions of packages selinux-policy-default suggests:
pn logcheck <none> (no description available)
pn syslog-summary <none> (no description available)
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]