Re: strange messages to root, possibly SA related?

On Tuesday 14 November 2006 13:43, Gene Heskett wrote:
>On Tuesday 14 November 2006 07:47, Craig White wrote:
>>On Tue, 2006-11-14 at 06:59 -0500, Gene Heskett wrote:
>>> On Tuesday 14 November 2006 06:19, Paul Howarth wrote:
>
>[...]
>
>>>  { create } for  pid=5967 comm="procmail"
>>> name="_PdB.uRYVFB.coyote.coyote.den" scontext=system_u:sys
>>
>>----
>>that 'spew' is fixed by reading...
>>
>>http://fedora.redhat.com/docs/selinux-faq-fc5/
>>
>>check the section, I have some denials that I would like to allow...
>
>Thanks Craig.
>
>Ok, went thru that procedure, now to watch the log.  Looks like that's
>fixed, great.  Now I've made a bash script out of all that typing, which
>assumes I don't want to edit the output of the first stage, but just
>goes ahead and processes it all.
>
>Does this have to be run at bootup, or is it permanent till I change
>it? I'd be a bit cautious of doing it every boot as it would just clear
>a hacker to allow his access, or so it seems to me.
>
Looks like I spoke too soon, Craig.  It's still fussing about fetchmail and 
its lock file, but not every time it wakes up, more like when there are 
incoming messages maybe?

Looks like this now:

Nov 14 14:15:08 coyote setroubleshoot:      SELinux is 
preventing /usr/bin/procmail (fetchmail_t) "getattr" access 
to /var/spool/mail/gene (mail_spool_t).      See audit.log for complete 
SELinux messages. id = 11c34da0-2dde-4583-a344-c5aaeb1f23c8
Nov 14 14:15:13 coyote setroubleshoot:      SELinux is 
preventing /usr/bin/procmail (fetchmail_t) "append" access to gene 
(mail_spool_t).      See audit.log for complete SELinux messages. id = 
bc7cb842-de97-4e8e-98c0-6e1847c38ced
Nov 14 14:15:14 coyote setroubleshoot:      SELinux is 
preventing /usr/bin/procmail (fetchmail_t) "lock" access 
to /var/spool/mail/gene (mail_spool_t).      See audit.log for complete 
SELinux messages. id = 1bb74305-b6fb-4f26-9bd5-5e6c4a392475

The audit.log:

type=SYSCALL msg=audit(1163531710.479:238): arch=40000003 syscall=5 
success=yes exit=5 a0=9965168 a1=8441 a2=1b7 a3=8441 items=0 ppid=5318 
pid=21400 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 
egid=500 sgid=500 fsgid=500 tty=(none) comm="procmail" 
exe="/usr/bin/procmail" subj=system_u:system_r:fetchmail_t:s0 key=(null)
type=AVC msg=audit(1163531710.480:239): avc:  denied  { lock } for  
pid=21400 comm="procmail" name="gene" dev=dm-0 ino=19170972 
scontext=system_u:system_r:fetchmail_t:s0 
tcontext=system_u:object_r:mail_spool_t:s0 tclass=file
type=SYSCALL msg=audit(1163531710.480:239): arch=40000003 syscall=221 
success=yes exit=0 a0=5 a1=e a2=805e898 a3=805e898 items=0 ppid=5318 
pid=21400 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 
egid=500 sgid=500 fsgid=500 tty=(none) comm="procmail" 
exe="/usr/bin/procmail" subj=system_u:system_r:fetchmail_t:s0 key=(null)
type=AVC_PATH msg=audit(1163531710.480:239):  path="/var/spool/mail/gene"
type=USER_END msg=audit(1163531749.782:240): user pid=21340 uid=0 auid=0 
subj=root:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session close 
acct=root : exe="/usr/sbin/userhelper" (hostname=?, addr=?, terminal=? 
res=success)'

Which is all so much Swahili to me.

Mail is flowing of course because it's set permissive.  But this doesn't 
look like exactly the same error as before.  Should I re-run the 
procedure from the FAQ?

Thanks.

>--
>Cheers, Gene

-- 
Cheers, Gene
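
An added example, not part of the original message: a short Python reader for the AVC records quoted above. It groups denials by source type, target type and object class, and renders each group in SELinux allow-rule syntax so the requested access can be read before any policy is loaded. It assumes one record per line, as in audit.log itself (the mail wrapped them); the function names are illustrative, and the getattr and append records are constructed from the setroubleshoot messages in the post.

```python
import re
from collections import defaultdict

# Matches a denied AVC record and captures permissions, contexts and class.
# Assumes one record per line, as written to /var/log/audit/audit.log.
AVC_RE = re.compile(
    r'type=AVC .*?avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(':')[2]

def summarize_denials(lines):
    """Group denied permissions by (source type, target type, class)."""
    denials = defaultdict(set)
    for line in lines:
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL, AVC_PATH, USER_END and other records
        key = (selinux_type(m['scon']), selinux_type(m['tcon']), m['tclass'])
        denials[key].update(m['perms'].split())
    return dict(denials)

def candidate_rules(denials):
    """Render each group as the allow rule it corresponds to, for review."""
    return [
        f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        for (src, tgt, cls), perms in sorted(denials.items())
    ]

CTX = (' scontext=system_u:system_r:fetchmail_t:s0'
       ' tcontext=system_u:object_r:mail_spool_t:s0 tclass=file')
SAMPLE = [
    # Record from the post, joined back onto one line.
    'type=AVC msg=audit(1163531710.480:239): avc:  denied  { lock } for  '
    'pid=21400 comm="procmail" name="gene" dev=dm-0 ino=19170972' + CTX,
    'type=AVC_PATH msg=audit(1163531710.480:239):  path="/var/spool/mail/gene"',
    # Constructed records for the other two denials setroubleshoot reported.
    'type=AVC msg=audit(0.000:1): avc:  denied  { getattr } for  pid=1' + CTX,
    'type=AVC msg=audit(0.000:2): avc:  denied  { append } for  pid=1' + CTX,
]

if __name__ == "__main__":
    for rule in candidate_rules(summarize_denials(SAMPLE)):
        print(rule)
```

Read this way, the three setroubleshoot messages are one request: procmail, running in the fetchmail_t domain, wants getattr, append and lock on files labelled mail_spool_t.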

