On Apr 11, 2005 11:27 AM, David Hoffman <dhoffman2004@xxxxxxxxx> wrote:
> > Are any of those apps SETUID?
>
> I'll have to wait until I am on site again later today. I'll look at
> the cron files and see if anything that is called by the Mailman cron
> file that runs at 4:02am is calling a Python script that might be
> SETUID.

I can not find that anything is being called that is SETUID.

Apparently at 4:02am every Sunday, logrotate runs, and attempts to rotate logs for mailman. During the process of rotating the logs, it executes "/usr/lib/mailman/bin/mailmanctl reopen", which is a python script that is not SETUID. Without knowing python all that well, I figured that it is attempting to reset the mailman queue process to use the new log files. Part of the process of doing that appears to be a step that gets the pid number of the process.

There is a directory called "/var/run/mailman" which contains a file called "master-qrunner.pid". This is nothing more than a pid file. The ownership and permissions on the file look fine. However the ownership and permissions of the directory "/var/run/mailman" look like it is SETGID. Since there is nothing executable, that kind of confused me.

I manually ran mailmanctl reopen, and saw the same AVC error messages. I checked the security context of the /var/run/mailman directory and the master-qrunner.pid file, and then ran restorecon on them. I checked the security context again, and did not see any changes. But when I ran mailmanctl reopen again, I did not get error messages this time. I even totally stopped the mailman service and started it again. No errors.

I'm a little baffled, but I suppose I'll wait until next Sunday morning just to double check and be sure that the log is clear. If anything I wrote triggers any thoughts, please share.
--
David
Registered Linux User 383030 (since everyone else was doing it 8-)
-----------------------------------------------------------------------
There are only 10 kinds of people in this world, those who understand binary, and those who don't.