fc4 procmail audit.log entries

Mon Oct 17 16:08:50 UTC 2005

Greetings,

I'm running procmail and spamassassin on a fully patched FC4 box.

I have the following procmail related entries in audit.log:

type=AVC msg=audit(1129564863.023:3868): avc:  denied  { search } for
pid=5450 comm="procmail" name="tmp" dev=dm-0 ino=262145
scontext=root:system_r:postfix_local_t tcontext=system_u:object_r:tmp_t
tclass=dir
type=SYSCALL msg=audit(1129564863.023:3868): arch=40000003 syscall=196
success=no exit=-2 a0=93f8eb0 a1=bfc64dac a2=8b7ff4 a3=93f8ec1 items=1
pid=5450 auid=4294967295 uid=500 gid=501 euid=500 suid=500 fsuid=500
egid=501 sgid=501 fsgid=501 comm="procmail" exe="/usr/bin/procmail"
type=CWD msg=audit(1129564863.023:3868):  cwd="/home/jam"
type=PATH msg=audit(1129564863.023:3868): item=0 name="/tmp/_KVB
+8q8UDB.eros.zoidtechnolo" flags=310
type=AVC msg=audit(1129564863.023:3869): avc:  denied  { write } for
pid=5450 comm="procmail" name="tmp" dev=dm-0 ino=262145
scontext=root:system_r:postfix_local_t tcontext=system_u:object_r:tmp_t
tclass=dir
type=AVC msg=audit(1129564863.023:3869): avc:  denied  { add_name } for
pid=5450 comm="procmail" name="_KVB+8q8UDB.eros.zoidtechnolo"
scontext=root:system_r:postfix_local_t tcontext=system_u:object_r:tmp_t
tclass=dir
type=SYSCALL msg=audit(1129564863.023:3869): arch=40000003 syscall=5
success=yes exit=5 a0=93f8eb0 a1=80c1 a2=124 a3=80c1 items=1 pid=5450
auid=4294967295 uid=500 gid=501 euid=500 suid=500 fsuid=500 egid=501
sgid=501 fsgid=501 comm="procmail" exe="/usr/bin/procmail"

Regards,
J
-- 
Jeff MacDonald
Zoid Technologies
GPG Fingerprint: 0831 879E B6B4 C4CC D3C9 419F B12D E3CE B927 04B2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20051017/6e5de494/attachment.sig>