OK, here's one that I can't seem to figure out. Usually when I see log
entries like this, the fix is to be sure that the latest version of
selinux_policy_targetted is applied, and/or run restorecon against the
file being called. But at 4:02am, Mailman is attempting to call Python
to execute something, and this causes the following log entries in my
messages log:
Apr 10 04:02:27 master kernel: audit(1113123747.955:0): avc: denied
{ dac_override } for pid=17159 exe=/usr/bin/python capability=1
scontext=system_u:system_r:mailman_mail_t
tcontext=system_u:system_r:mailman_mail_t tclass=capability
Apr 10 04:02:27 master kernel: audit(1113123747.956:0): avc: denied
{ setgid } for pid=17159 exe=/usr/bin/python capability=6
scontext=system_u:system_r:mailman_mail_t
tcontext=system_u:system_r:mailman_mail_t tclass=capability
Apr 10 04:02:27 master kernel: audit(1113123747.956:0): avc: denied
{ setuid } for pid=17159 exe=/usr/bin/python capability=7
scontext=system_u:system_r:mailman_mail_t
tcontext=system_u:system_r:mailman_mail_t tclass=capability
Apr 10 04:02:27 master kernel: audit(1113123747.969:0): avc: denied
{ signal } for pid=17159 exe=/usr/bin/python
scontext=system_u:system_r:mailman_mail_t
tcontext=root:system_r:unconfined_t tclass=process
If I check the security context of /usr/bin/python, here is what I get:
-rwxr-xr-x 2 system_u:object_r:bin_t root root 5396 Feb 2
11:22 python
If I run restorecon /usr/bin/python, and then check the context again,
nothing changes.
I know there is a way to create a policy from these errors, and then
apply the policy to the system, but I would have thought that since my
Mailman and Python installations were from the supplied RPM packages,
and since I wasn't manually compiling them, then the policies that are
in place should already be there.
If anyone can give me a heads up about why this is happening, I would
appreciate it.
Thank you.
--
David
Registered Linux User 383030 (since everyone else was doing it 8-)
-----------------------------------------------------------------------
There are only 10 kinds of people in this world,
those who understand binary, and those who don't.
