strange messages to root, possibly SA related?
Gene Heskett
gene.heskett at verizon.net
Tue Nov 14 19:34:19 UTC 2006
On Tuesday 14 November 2006 13:43, Gene Heskett wrote:
>On Tuesday 14 November 2006 07:47, Craig White wrote:
>>On Tue, 2006-11-14 at 06:59 -0500, Gene Heskett wrote:
>>> On Tuesday 14 November 2006 06:19, Paul Howarth wrote:
>
>[...]
>
>>> { create } for pid=5967 comm="procmail"
>>> name="_PdB.uRYVFB.coyote.coyote.den" scontext=system_u:sys
>>
>>----
>>that 'spew' is fixed by reading...
>>
>>http://fedora.redhat.com/docs/selinux-faq-fc5/
>>
>>check the section, I have some denials that I would like to allow...
>
>Thanks Craig.
>
>Ok, went thru that procedure, now to watch the log. Looks like that's
>fixed, great. Now I've made a bash script out of all that typing, which
>assumes I don't want to edit the output of the first stage, but just
> goes ahead and processes it all.
>
>Does this have to be run at bootup, or is it permanent till I change
> it? I'd be a bit cautious of doing it every boot as it would just clear
> a hacker to allow his access, or so it seems to me.
>
Looks like I spoke too soon Craig. It's still fussing about fetchmail and
its lock file, but not every time it wakes up, more like when there are
incoming messages maybe?
Looks like this now:
Nov 14 14:15:08 coyote setroubleshoot: SELinux is
preventing /usr/bin/procmail (fetchmail_t) "getattr" access
to /var/spool/mail/gene (mail_spool_t). See audit.log for complete
SELinux messages. id = 11c34da0-2dde-4583-a344-c5aaeb1f23c8
Nov 14 14:15:13 coyote setroubleshoot: SELinux is
preventing /usr/bin/procmail (fetchmail_t) "append" access to gene
(mail_spool_t). See audit.log for complete SELinux messages. id =
bc7cb842-de97-4e8e-98c0-6e1847c38ced
Nov 14 14:15:14 coyote setroubleshoot: SELinux is
preventing /usr/bin/procmail (fetchmail_t) "lock" access
to /var/spool/mail/gene (mail_spool_t). See audit.log for complete
SELinux messages. id = 1bb74305-b6fb-4f26-9bd5-5e6c4a392475
The audit.log:
type=SYSCALL msg=audit(1163531710.479:238): arch=40000003 syscall=5
success=yes exit=5 a0=9965168 a1=8441 a2=1b7 a3=8441 items=0 ppid=5318
pid=21400 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 tty=(none) comm="procmail"
exe="/usr/bin/procmail" subj=system_u:system_r:fetchmail_t:s0 key=(null)
type=AVC msg=audit(1163531710.480:239): avc: denied { lock } for
pid=21400 comm="procmail" name="gene" dev=dm-0 ino=19170972
scontext=system_u:system_r:fetchmail_t:s0
tcontext=system_u:object_r:mail_spool_t:s0 tclass=file
type=SYSCALL msg=audit(1163531710.480:239): arch=40000003 syscall=221
success=yes exit=0 a0=5 a1=e a2=805e898 a3=805e898 items=0 ppid=5318
pid=21400 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 tty=(none) comm="procmail"
exe="/usr/bin/procmail" subj=system_u:system_r:fetchmail_t:s0 key=(null)
type=AVC_PATH msg=audit(1163531710.480:239): path="/var/spool/mail/gene"
type=USER_END msg=audit(1163531749.782:240): user pid=21340 uid=0 auid=0
subj=root:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session close
acct=root : exe="/usr/sbin/userhelper" (hostname=?, addr=?, terminal=?
res=success)'
Which is all so much Swahili to me.
Mail is flowing of course because it's set permissive. But this doesn't
look like exactly the same error as before. Should I re-run the
procedure from the FAQ?
Thanks.
>--
>Cheers, Gene
--
Cheers, Gene
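
Added example (not part of the original message, and not a Fedora or SELinux tool): a Python script that groups AVC denials from audit.log text by source type, target type and object class, so the permissions a local policy module would grant can be read and reviewed before anything is loaded. The sample records are constructed, modeled on the AVC record quoted above; the audit serial numbers in them are made up.

```python
import re
from collections import defaultdict

# Constructed sample modeled on the AVC record quoted in the message above.
# Real audit.log records are one line each; the e-mail wrapped them.
CTX = ('scontext=system_u:system_r:fetchmail_t:s0 '
       'tcontext=system_u:object_r:mail_spool_t:s0 tclass=file')
PROC = 'for  pid=21400 comm="procmail" name="gene" dev=dm-0 ino=19170972'
SAMPLE = "\n".join([
    'type=SYSCALL msg=audit(1163531700.000:1): arch=40000003 syscall=5 comm="procmail"',
    f'type=AVC msg=audit(1163531700.000:1): avc:  denied  {{ getattr }} {PROC} {CTX}',
    f'type=AVC msg=audit(1163531700.000:2): avc:  denied  {{ append }} {PROC} {CTX}',
    f'type=AVC msg=audit(1163531700.000:3): avc:  denied  {{ lock }} {PROC} {CTX}',
    f'type=AVC msg=audit(1163531700.000:4): avc:  denied  {{ lock }} {PROC} {CTX}',
    'type=AVC_PATH msg=audit(1163531700.000:4):  path="/var/spool/mail/gene"',
])

AVC_RE = re.compile(
    r'type=AVC .*?avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)')

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def parse_avc(text):
    """Yield one dict per AVC denial; SYSCALL, AVC_PATH etc. are skipped."""
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if m:
            yield {"perms": m["perms"].split(), "source": selinux_type(m["scontext"]),
                   "target": selinux_type(m["tcontext"]), "tclass": m["tclass"]}

def summarize(text):
    """Map (source type, target type, class) -> sorted unique permissions."""
    grouped = defaultdict(set)
    for d in parse_avc(text):
        grouped[(d["source"], d["target"], d["tclass"])].update(d["perms"])
    return {key: sorted(perms) for key, perms in grouped.items()}

def as_rules(summary):
    """Render the summary as the allow rules a local module would contain."""
    return [f"allow {s} {t}:{c} {{ {' '.join(p)} }};"
            for (s, t, c), p in sorted(summary.items())]

if __name__ == "__main__":
    print("\n".join(as_rules(summarize(SAMPLE))))
```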