CentOS 7.5, and on one system, I'm getting: setroubleshoot: SELinux is preventing /usr/sbin/sendmail.sendmail from read access on the file disable_ipv6
ll -Z shows -rw-r--r--. root root system_u:object_r:sysctl_net_t:s0 /proc/sys/net/ipv6/conf/all/disable_ipv6
I find this peculiar. Anyone have a resolution, or is this a bug?
mark
On August 27, 2018 6:39:39 AM AKDT, mark m.roth@5-cent.us wrote:
CentOS 7.5, and on one system, I'm getting: setroubleshoot: SELinux is preventing /usr/sbin/sendmail.sendmail from read access on the file disable_ipv6
ll -Z shows -rw-r--r--. root root system_u:object_r:sysctl_net_t:s0 /proc/sys/net/ipv6/conf/all/disable_ipv6
I find this peculiar. Anyone have a resolution, or is this a bug?
mark
selinux mailing list -- selinux@lists.fedoraproject.org To unsubscribe send an email to selinux-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.or...
So do you consider IPv6 to be a feature or a bug?
Are IPv4 addresses considered as real estate, and the owners thereof are concerned that their market value might fall if people start using IPv6? -- https://www.colmena.biz/~justina/contacto.php
justina colmena wrote:
On August 27, 2018 6:39:39 AM AKDT, mark m.roth@5-cent.us wrote:
CentOS 7.5, and on one system, I'm getting: setroubleshoot: SELinux is preventing /usr/sbin/sendmail.sendmail from read access on the file disable_ipv6
ll -Z shows -rw-r--r--. root root system_u:object_r:sysctl_net_t:s0 /proc/sys/net/ipv6/conf/all/disable_ipv6
I find this peculiar. Anyone have a resolution, or is this a bug?
So do you consider IPv6 to be a feature or a bug?
Are IPv4 addresses considered as real estate, and the owners thereof are concerned that their market value might fall if people start using IPv6?
Nah, we use both, and we do have a reasonable supply of IPv4, given I work for a US federal contractor (civilian sector).
mark
On 08/27/2018 07:24 PM, mark wrote:
justina colmena wrote:
On August 27, 2018 6:39:39 AM AKDT, mark m.roth@5-cent.us wrote:
CentOS 7.5, and on one system, I'm getting: setroubleshoot: SELinux is preventing /usr/sbin/sendmail.sendmail from read access on the file disable_ipv6
ll -Z shows -rw-r--r--. root root system_u:object_r:sysctl_net_t:s0 /proc/sys/net/ipv6/conf/all/disable_ipv6
I find this peculiar. Anyone have a resolution, or is this a bug?
So do you consider IPv6 to be a feature or a bug?
Are IPv4 addresses considered as real estate, and the owners thereof are concerned that their market value might fall if people start using IPv6?
Nah, we use both, and we do have a reasonable supply of IPv4, given I work for a US federal contractor (civilian sector).
mark
My experience working for federal contractors is very poor. It involved a brush-clearing job at Camp Bonneville near Battle Ground, Washington, which turned out to have been subcontracted from a prime contractor who had been hired by the Army to clean up unexploded ordnance and make improvements to the real property of the aforementioned Camp in order to turn it into a county park.
The Washington State Department of Labor and Industries balked at underwriting workers' compensation for the hazard of unexploded ordnance, and I heard a rumor that at least one colonel and some other officials from the Army were given dishonorable discharges for improperly disbursing federal funds in excess of $5,000 to a contractor who was not properly bonded for the job under the Miller Act. The contractors were hauled into civilian federal court. White shirt, business suit, and black tie or orange jumpsuit and chains, I have no idea.
My employer never got paid for the job, and some of those dishonorable colonels burned down our office as well as the neighbor's barn, and the Society of Actuaries was making noise about too many fires in town that year. You can call it a "civilian sector" but that's arguable once they start having a court-martial.
The IPv6 is somewhat a federal mandate, especially for anything that involves the Department of Defense, isn't it? I use it all the time myself, and there are a lot of roadblocks in the way of things working correctly. The military, especially the Army, is notorious for bureaucracy and red tape.
setroubleshoot: SELinux is preventing /usr/sbin/sendmail.sendmail from read access on the file disable_ipv6
ll -Z shows -rw-r--r--. root root system_u:object_r:sysctl_net_t:s0 /proc/sys/net/ipv6/conf/all/disable_ipv6
I find this peculiar. Anyone have a resolution, or is this a bug?
Though the combination sounds alarming, this is probably only a file descriptor left open by whatever program called sendmail. That program should either close the file disable_ipv6 after use or set the CLOSE_ON_EXEC flag in the file descriptor.
If you search for it, there are many such cases, even bug reports for CentOS-7:
https://bugs.centos.org/view.php?id=12396
But no solution yet.
Which program calls sendmail in your case?
Best regards Michael
PS: Don't feed the trolls.
selinux@lists.fedoraproject.org