Re: selinux hogs locks ? Re: f7 : yum fails with rpmdb: Lock table is out of available locker entries

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Wolfgang S. Rupprecht wrote:

Skunk Worx <skunkworx@xxxxxxxxxxx> writes:

Daniel J Walsh wrote:

Did you see avc messages in /var/log/audit/audit.log?

I don't see anything that looks like yum or rpm related, my log is
much smaller.


One thing that stands out (by virtue of having the word "lock" in it
;-)) is the postfix mailbox locking.  It might not be anything, since
I'm not really sure which needle in this haystack I'm looking for.

# grep -i lock audit.log  | grep -v clock_device | tail
type=AVC msg=audit(1181331871.161:339): avc:  denied  { remove_name } for  pid=11667 comm="local" name="Mailbox.lock" dev=dm-0 ino=70551655 scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
type=AVC msg=audit(1181331871.161:339): avc:  denied  { unlink } for  pid=11667 comm="local" name="Mailbox.lock" dev=dm-0 ino=70551655 scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=file
type=AVC msg=audit(1181333061.829:345): avc:  denied  { add_name } for  pid=11835 comm="local" name="Mailbox.lock" scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
type=AVC msg=audit(1181333064.210:346): avc:  denied  { remove_name } for  pid=11835 comm="local" name="Mailbox.lock" dev=dm-0 ino=71697052 scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
type=AVC msg=audit(1181333216.630:357): avc:  denied  { add_name } for  pid=11861 comm="local" name="Mailbox.lock" scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
type=AVC msg=audit(1181333217.129:358): avc:  denied  { remove_name } for  pid=11861 comm="local" name="Mailbox.lock" dev=dm-0 ino=70551655 scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
type=AVC msg=audit(1181336644.216:383): avc:  denied  { add_name } for  pid=12469 comm="local" name="Mailbox.lock" scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
type=AVC msg=audit(1181336644.216:383): avc:  denied  { create } for  pid=12469 comm="local" name="Mailbox.lock" scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=file
type=AVC msg=audit(1181336644.225:384): avc:  denied  { remove_name } for  pid=12469 comm="local" name="Mailbox.lock" dev=dm-0 ino=70551655 scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
type=AVC msg=audit(1181336644.225:384): avc:  denied  { unlink } for  pid=12469 comm="local" name="Mailbox.lock" dev=dm-0 ino=70551655 scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=file

-wolfgang
This looks like you have postfix attempting to create a file (Mailbox.lock) in the / directory?
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux