SCIENTIFIC-LINUX-USERS Archives

July 2017

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Stephen Isard <[log in to unmask]>
Reply To: Stephen Isard <[log in to unmask]>
Date: Wed, 19 Jul 2017 09:10:11 -0500
On Tue, 18 Jul 2017 10:42:06 +0200, David Sommerseth <[log in to unmask]> wrote:

>On 17/07/17 20:15, Stephen Isard wrote:
>> On two SL7.3 systems where I have set exim as my mta alternative, I am
>> getting a lot of entries in /var/log/messages saying "SELinux is
>> preventing /usr/bin/exim from search access on the directory net", with
>> the usual accompanying "if you believe that exim should be allowed..."
>> stuff, but the logs don't explain what call to exim triggered the messages.
>>
>> Sealert -l tells me
>>
>> Raw Audit Messages
>> type=AVC msg=audit(1500313603.937:268): avc:  denied { search } for
>> pid=3097 comm="exim" name="net" dev="proc" ino=7154
>> scontext=system_u:system_r:exim_t:s0
>> tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir
>>
>> type=SYSCALL msg=audit(1500313603.937:268): arch=x86_64 syscall=open
>> success=no exit=EACCES a0=7ff03baef4b0 a1=80000 a2=1b6 a3=24 items=0
>> ppid=781 pid=3097 auid=4294967295 uid=0 gid=93 euid=0 suid=0 fsuid=0
>> egid=93 sgid=93 fsgid=93 tty=(none) ses=4294967295 comm=exim
>> exe=/usr/sbin/exim subj=system_u:system_r:exim_t:s0 key=(null)
>>
>> which doesn't seem to be much help.
>>
>> Searches turn up two CentOS 7 reports,
>> https://bugs.centos.org/view.php?id=13247 and
>> https://bugs.centos.org/view.php?id=12913 that look as if they might be
>> the same thing with different mta alternatives, but no response to either.
>
>Yes, this is exim trying to read some files in /proc/sys/net, starting
>with scanning the directory.  I'd suggest reporting this as a bug in
>the Red Hat bug tracker, file it under selinux-policy component - that
>team should be able to figure out if this is a bug or not.  My quick
>search there didn't turn up anything in particular.

I followed your suggestion (https://bugzilla.redhat.com/show_bug.cgi?id=1472432) and got
a comment from [log in to unmask] that it looks the same as BZ#1444441, but I don't have
permission to view that.
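
Added example, not part of the original message: a small parser that pairs the AVC and SYSCALL records quoted above by their audit event id and decodes the `open` flags, which shows the denied call was a read-only open with O_CLOEXEC on the `net` directory of the proc filesystem. The function names are hypothetical, the flag values are the Linux x86_64 ones, and `SAMPLE` is the quoted records rejoined onto one line each.

```python
import re
from datetime import datetime, timezone

# The two raw audit records quoted in the message, rejoined onto one line each.
SAMPLE = (
    'type=AVC msg=audit(1500313603.937:268): avc:  denied { search } for pid=3097 comm="exim" name="net" '
    'dev="proc" ino=7154 scontext=system_u:system_r:exim_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir\n'
    'type=SYSCALL msg=audit(1500313603.937:268): arch=x86_64 syscall=open success=no exit=EACCES '
    'a0=7ff03baef4b0 a1=80000 a2=1b6 a3=24 items=0 ppid=781 pid=3097 auid=4294967295 uid=0 gid=93 euid=0 suid=0 '
    'fsuid=0 egid=93 sgid=93 fsgid=93 tty=(none) ses=4294967295 comm=exim exe=/usr/sbin/exim key=(null)\n'
)

HEADER = re.compile(r"type=(\w+) msg=audit\(((\d+)\.\d+:\d+)\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# open(2) flag bits on Linux x86_64 (octal, as in <fcntl.h>); only a subset is decoded.
OPEN_FLAGS = {0o100: "O_CREAT", 0o4000: "O_NONBLOCK", 0o200000: "O_DIRECTORY", 0o2000000: "O_CLOEXEC"}

def parse_events(text):
    """Group records by audit event id so each AVC pairs with its SYSCALL record."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # not an audit record
        rtype, event_id, secs = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        perms = re.search(r"\{ ([^}]*) \}", line)  # denied permission set, AVC records only
        if perms:
            fields["perms"] = perms.group(1).split()
        when = datetime.fromtimestamp(int(secs), timezone.utc).isoformat()
        events.setdefault(event_id, {"time": when})[rtype] = fields
    return events

def decode_open_flags(a1_hex):
    """Decode the flags argument (a1) of open(2) from its hex form in the SYSCALL record."""
    value = int(a1_hex, 16)
    names = [("O_RDONLY", "O_WRONLY", "O_RDWR", "invalid")[value & 0o3]]
    return names + [name for bit, name in OPEN_FLAGS.items() if value & bit]

def summarize(event):
    """Flatten one denial: source/target types, object, permission and the failing syscall."""
    avc, sc = event["AVC"], event.get("SYSCALL", {})
    out = {"time": event["time"], "perms": avc["perms"], "tclass": avc["tclass"],
           "object": f'{avc.get("dev")}:{avc.get("name")}',
           "source_type": avc["scontext"].split(":")[2], "target_type": avc["tcontext"].split(":")[2],
           "exe": sc.get("exe"), "syscall": sc.get("syscall"), "exit": sc.get("exit")}
    if sc.get("syscall") == "open" and "a1" in sc:
        out["open_flags"] = decode_open_flags(sc["a1"])
    return out
```

Calling `summarize(parse_events(SAMPLE)["1500313603.937:268"])` returns the flattened view of the event from the message.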
