On Tue, 2006-11-14 at 06:59 -0500, Gene Heskett wrote:
> On Tuesday 14 November 2006 06:19, Paul Howarth wrote:
> >Gene Heskett wrote:
> >> Greetings;
> >>
> >> My logs now contain megabytes of selinux spew. I've disabled it for
> >> the time being, and have forgotten how one goes about having it
> >> regenerate its 'this is ok' list, can someone refresh me on that?
> >
> >Could you post a few samples of this spew?
> >
> >Paul.
> Sure, it's quiet now since I've disabled it, but before I did, I had this
> on an every 90 second or so basis:
>
> ============================================
> Nov 11 01:54:52 coyote kernel: audit(1163228092.870:182): avc: denied { getattr } for pid=4236 comm="fetchmail" name=".fetchmailrc" dev=dm-0 ino=29032467 scontext=system_u:system_r:fetchmail_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
> Nov 11 01:54:54 coyote kernel: audit(1163228094.106:183): avc: denied { ioctl } for pid=5633 comm="sh" name="[22634]" dev=pipefs ino=22634 scontext=system_u:system_r:fetchmail_t:s0 tcontext=system_u:system_r:fetchmail_t:s0 tclass=fifo_file
> Nov 11 01:54:54 coyote kernel: audit(1163228094.106:184): avc: denied { search } for pid=5633 comm="sh" name="sbin" dev=dm-0 ino=36864001 scontext=system_u:system_r:fetchmail_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=dir
> Nov 11 01:54:54 coyote kernel: audit(1163228094.114:185): avc: denied { getattr } for pid=4236 comm="fetchmail" name="[22634]" dev=pipefs ino=22634 scontext=system_u:system_r:fetchmail_t:s0 tcontext=system_u:system_r:fetchmail_t:s0 tclass=fifo_file
> Nov 11 01:54:54 coyote kernel: audit(1163228094.114:186): avc: denied { write } for pid=4236 comm="fetchmail" name="[22634]" dev=pipefs ino=22634 scontext=system_u:system_r:fetchmail_t:s0 tcontext=system_u:system_r:fetchmail_t:s0 tclass=fifo_file
> Nov 11 01:54:54 coyote kernel: audit(1163228094.114:187): avc: denied { read } for pid=5633 comm="procmail" name="[22634]" dev=pipefs ino=22634 scontext=system_u:system_r:fetchmail_t:s0 tcontext=system_u:system_r:fetchmail_t:s0 tclass=fifo_file
> Nov 11 01:54:54 coyote kernel: audit(1163228094.114:188): avc: denied { read } for pid=5633 comm="procmail" name=".procmailrc" dev=dm-0 ino=29032466 scontext=system_u:system_r:fetchmail_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
> Nov 11 01:54:54 coyote kernel: audit(1163228094.126:189): avc: denied { getattr } for pid=5639 comm="bash" name="formail" dev=dm-0 ino=6925589 scontext=system_u:system_r:fetchmail_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
> Nov 11 01:54:54 coyote kernel: audit(1163228094.134:190): avc: denied { search } for pid=5643 comm="spamc" name="mail" dev=dm-0 ino=24609414 scontext=system_u:system_r:fetchmail_t:s0 tcontext=system_u:object_r:etc_mail_t:s0 tclass=dir
> Nov 11 02:10:53 coyote ntpd[2917]: synchronized to LOCAL(0), stratum 10
> Nov 11 02:19:31 coyote ntpd[2917]: synchronized to 193.11.184.180, stratum 2
> Nov 11 02:19:35 coyote kernel: audit(1163229575.203:191): avc: denied { execute } for pid=5769 comm="procmail" name="spamc" dev=dm-0 ino=6935366 scontext=system_u:system_r:fetchmail_t:s0 tcontext=system_u:object_r:spamc_exec_t:s0 tclass=file
> Nov 11 02:19:35 coyote kernel: audit(1163229575.203:192): avc: denied { execute_no_trans } for pid=5769 comm="procmail" name="spamc" dev=dm-0 ino=6935366 scontext=system_u:system_r:fetchmail_t:s0 tcontext=system_u:object_r:spamc_exec_t:s0 tclass=file
> Nov 11 02:19:35 coyote kernel: audit(1163229575.203:193): avc: denied { read } for pid=5769 comm="procmail" name="spamc" dev=dm-0 ino=6935366 scontext=system_u:system_r:fetchmail_t:s0 tcontext=system_u:object_r:spamc_exec_t:s0 tclass=file
> Nov 11 03:01:03 coyote kernel: audit(1163232063.108:194): avc: denied { append } for pid=4236 comm="fetchmail" name="fetchmail.log" dev=dm-0 ino=19170983 scontext=system_u:system_r:fetchmail_t:s0 tcontext=root:object_r:var_log_t:s0 tclass=file
> Nov 11 03:01:04 coyote kernel: audit(1163232064.500:195): avc: denied { read } for pid=5923 comm="fetchmail" name="sh" dev=dm-0 ino=33128453 scontext=system_u:system_r:fetchmail_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
> Nov 11 03:01:04 coyote kernel: audit(1163232064.504:196): avc: denied { execute } for pid=5923 comm="sh" name="procmail" dev=dm-0 ino=6933056 scontext=system_u:system_r:fetchmail_t:s0 tcontext=system_u:object_r:procmail_exec_t:s0 tclass=file
> Nov 11 03:01:04 coyote kernel: audit(1163232064.504:197): avc: denied { execute_no_trans } for pid=5923 comm="sh" name="procmail" dev=dm-0 ino=6933056 scontext=system_u:system_r:fetchmail_t:s0 tcontext=system_u:object_r:procmail_exec_t:s0 tclass=file
> Nov 11 03:01:04 coyote kernel: audit(1163232064.504:198): avc: denied { read } for pid=5923 comm="sh" name="procmail" dev=dm-0 ino=6933056 scontext=system_u:system_r:fetchmail_t:s0 tcontext=system_u:object_r:procmail_exec_t:s0 tclass=file
> Nov 11 03:01:04 coyote kernel: audit(1163232064.508:199): avc: denied { send_msg } for pid=5927 comm="spamc" saddr=127.0.0.1 src=43491 daddr=127.0.0.1 dest=783 netif=lo scontext=system_u:system_r:fetchmail_t:s0 tcontext=system_u:object_r:spamd_port_t:s0 tclass=tcp_socket
> Nov 11 03:01:04 coyote kernel: audit(1163232064.508:200): avc: denied { recv_msg } for pid=5927 comm="spamc" saddr=127.0.0.1 src=783 daddr=127.0.0.1 dest=43491 netif=lo scontext=system_u:system_r:fetchmail_t:s0 tcontext=system_u:object_r:spamd_port_t:s0 tclass=tcp_socket
> Nov 11 03:06:06 coyote kernel: audit(1163232366.401:201): avc: denied { create } for pid=5967 comm="procmail" name="_PdB.uRYVFB.coyote.coyote.den" scontext=system_u:sys
----
that 'spew' is fixed by reading...

http://fedora.redhat.com/docs/selinux-faq-fc5/

check the section, I have some denials that I would like to allow...

Craig
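
An added example, not part of the original thread: a small triage script that condenses AVC denials like the ones quoted above into one line per (source type, target type, class), so it is easy to see that every denial comes from `fetchmail_t` even when the command is `procmail` or `spamc`. The log lines are constructed samples modelled on the quoted ones (host name and inode values are made up), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the quoted denials (host and inode values are made up).
SAMPLE_LOG = """\
Nov 11 01:54:52 examplehost kernel: audit(1163228092.870:182): avc:  denied  { getattr } for  pid=4236 comm="fetchmail" name=".fetchmailrc" dev=dm-0 ino=1001 scontext=system_u:system_r:fetchmail_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
Nov 11 01:54:54 examplehost kernel: audit(1163228094.114:188): avc:  denied  { read } for  pid=5633 comm="procmail" name=".procmailrc" dev=dm-0 ino=1002 scontext=system_u:system_r:fetchmail_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
Nov 11 02:10:53 examplehost ntpd[2917]: synchronized to LOCAL(0), stratum 10
Nov 11 02:19:35 examplehost kernel: audit(1163229575.203:191): avc:  denied  { execute } for  pid=5769 comm="procmail" name="spamc" dev=dm-0 ino=1003 scontext=system_u:system_r:fetchmail_t:s0 tcontext=system_u:object_r:spamc_exec_t:s0 tclass=file
Nov 11 02:19:35 examplehost kernel: audit(1163229575.203:192): avc:  denied  { execute_no_trans } for  pid=5769 comm="procmail" name="spamc" dev=dm-0 ino=1003 scontext=system_u:system_r:fetchmail_t:s0 tcontext=system_u:object_r:spamc_exec_t:s0 tclass=file
Nov 11 03:01:04 examplehost kernel: audit(1163232064.508:199): avc:  denied  { send_msg } for  pid=5927 comm="spamc" saddr=127.0.0.1 src=43491 daddr=127.0.0.1 dest=783 netif=lo scontext=system_u:system_r:fetchmail_t:s0 tcontext=system_u:object_r:spamd_port_t:s0 tclass=tcp_socket
Nov 11 03:06:06 examplehost kernel: audit(1163232366.401:201): avc:  denied  { create } for  pid=5967 comm="procmail" name="tmpfile" scontext=system_u:sys
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?comm="(?P<comm>[^"]*)"'
    r'.*?scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context, or None."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def summarize_denials(log_text):
    """Group denied permissions and triggering commands by (source, target, class)."""
    grouped = defaultdict(lambda: {"perms": set(), "comms": set()})
    skipped = 0  # AVC records that were truncated or otherwise unparseable
    for line in log_text.splitlines():
        if "avc:" not in line or "denied" not in line:
            continue  # unrelated syslog traffic such as ntpd
        m = AVC_RE.search(line)
        src = selinux_type(m["scon"]) if m else None
        tgt = selinux_type(m["tcon"]) if m else None
        if not (src and tgt):
            skipped += 1
            continue
        entry = grouped[(src, tgt, m["tclass"])]
        entry["perms"].update(m["perms"].split())
        entry["comms"].add(m["comm"])
    return grouped, skipped

def render(grouped):
    """One summary line per group, sorted for stable output."""
    out = []
    for (src, tgt, cls), entry in sorted(grouped.items()):
        perms = " ".join(sorted(entry["perms"]))
        comms = ", ".join(sorted(entry["comms"]))
        out.append(f"{src} -> {tgt}:{cls} {{ {perms} }} via {comms}")
    return out

if __name__ == "__main__":
    groups, truncated = summarize_denials(SAMPLE_LOG)
    print("\n".join(render(groups)))
    print(f"skipped (truncated) records: {truncated}")
```

Records cut off before `tcontext=`, like the last one in the quoted log, are counted as skipped rather than guessed at.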