[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: postfix, procmail and SELinux - No Go



On Mon, 2006-06-26 at 12:38 +0100, Paul Howarth wrote:
> Marc Schwartz wrote:
> > Nicolas Mailhot wrote:
> >> Paul Howarth a écrit :
> >>> On Sat, 2006-06-24 at 17:40 -0500, Marc Schwartz wrote:
> >>
> >>>> 'pyzor discover' updates the pyzor server list.
> >>>>
> >>>> 'razor-admin -discover' does the same for the razor servers.
> >>> Can these be made to write files somewhere other than /.razor etc?
> >>>
> >>> Are the files written there just like the ones for regular users, e.g.
> >>> default preference settings?
> >>
> >> actually razor discover and pyzor discover should just write
> >> system-wide files in /var/cache in an ideal word, instead of having
> >> every user re-download the list all by itself
> >>
> >> Don't know if it's possible and if it is not, how difficult it would
> >> be to fix.
> > 
> > Guys, let me propose something here, at least as one possibility.
> > 
> > In reviewing the docs for razor and pyzor, it would seem that there are 
> > some default file locations as we are experiencing. By default, these 
> > appear to be user specific (ie. ~/.pyzor and ~/.razor), where the user 
> > could be me, root or the "system". This includes the server updating 
> > process.
> 
> What I'm wondering is how this could end up creating directories /.razor 
> and /.pyzor since the root directory (as opposed to the /root directory) 
> is not the home directory of any user, and shouldn't be writable by 
> anyone other than root.

Not sure about why /.razor and /.pyzor get created. The files in them
are stamped with the same date/time as the cron jobs, however do not get
updated when I run the same update programs from the CLI as with root's
below. Something with ENV variables or UID I suspect, but not sure.

The root dirs (/root/.pyzor and /root/.razor, as well as the razor log
file in /root) seem to get created during the cron jobs and I could
replicate this from the CLI.

However, see more below.

> > It occurs to me that one potential confounding variable here is that I 
> > am running these processes as a local user on a single user system, 
> > rather than a system-wide approach as one might do with a central server 
> > processing incoming e-mail for multiple user accounts. That includes my 
> > use of ~/.procmailrc as the primary means to process both virus (via 
> > clamassassin/clamav) and spam (via SA + these additional tools).
> > 
> > Presumably a SysAdmin on a multi-user system would take a different 
> > approach and perhaps would use other means to integrate the processing 
> > of viri and spam (such as Amavis as Nicolas has mentioned). This would 
> > afford other approaches to the default configuration of these other tools.
> 
> The spamassassin wiki has a page on this:
> 
> http://wiki.apache.org/spamassassin/UsingPyzor

Thanks for this.  In addition, I read through:

http://wiki.apache.org/spamassassin/RazorSiteWide
http://wiki.apache.org/spamassassin/UsingRazor
http://wiki.apache.org/spamassassin/InstallingDCC
http://wiki.apache.org/spamassassin/UsingDcc

The result of which is the following:

1. I made the following adds in /etc/mail/spamassassin/local.cf:

pyzor_options --homedir /etc/mail/spamassassin
razor_config /etc/mail/spamassassin/.razor/razor-agent.conf


2. I created /etc/mail/spamassassin/.razor/razor-agent.conf, which
contains:

razorhome = /etc/mail/spamassassin/.razor/


3. I modified the /etc/crontab commands that execute the pyzor and razor
updates to:

# Run pyzor update at 1:10 am
10 01 * * * root /usr/bin/pyzor --homedir /etc/mail/spamassassin discover > /dev/null

# Run razor update at 1:20 am
20 01 * * * root /usr/bin/razor-admin -home=/etc/mail/spamassassin/.razor -discover > /dev/null


The above now force the use of the system-wide SA settings in 1 and 2
above.


Note also that there is /etc/sysconfig/spamassassin, which contains:

  SPAMDOPTIONS="-d -c -m2 -H"

I only modified the '-m2' option to reduce the number of concurrent
sessions from 5 (-m5) to 2.  The '-H' options enables the specification
of a different HOME directory, which then enables the use of the above
config files for razor and pyzor when spamc/d are called. The other
options are FC installed defaults.


The result of all of this is that the pyzor and razor updates are now
limited to the system-wide file(s) in:

# For pyzor, the single file
/etc/mail/spamassassin/servers

# For razor, the dir tree
/etc/mail/spamassassin/.razor/*

Thus, no more user specific files are created.  Yeah!  :-)

Note also, that I _did not_ create new user groups to run these apps, as
is suggested on some of the above pages. The current configuration seems
to solve the problem without those additional steps.

> > To Nicolas' points below, there are some issues with these things moving 
> > in a non-GPL mode, if they are not already there.  I do note however 
> > that both razor and pyzor are still in Extras for FC5 and are present in 
> > Extras for devel (http://fedoraproject.org/extras/development/i386/). I 
> > also whole heartedly support his contention that these tools 
> > dramatically improve the processing of spam.
> > 
> > In either case, one option for me here within the notion of this being a 
> > single user process, is to move the cron jobs that update razor and 
> > pyzor from the system /etc/crontab to my user cron file vie "crontab -e" 
> > (/var/spool/cron/marcs). I already have fetchmail and some backup 
> > scripts running there anyway.
> 
> I think that would be a good move; it should at least prevent the 
> creation of directories straight under the root.

Well...hopefully with the above, we should be good to go, save DCC.

> > The dcc update process would need to stay in /etc/crontab since it 
> > downloads, compiles and installs the system-wide dcc client.
> 
> Compiles as root? Ugh!

Yep.  If there are any options on the DCC install page that I noted in
my other reply that make sense here, let me know. I am willing to try
alternatives.

Of course, let me know on the dccproc context change and what you might
want to do about that.

> > Another option, perhaps, would be for the FE razor and pyzor maintainers 
> > to adjust the respective app defaults for FE with an eye towards SELinux 
> > policy issues in future updates. In that way, perhaps the default 
> > locations could be in /etc or /var as Nicolas notes above. That might 
> > provide for a means to handle both single user and multi user 
> > configurations, though the impact on other tools would need to be 
> > considered as may be appropriate.
> 
> If we can figure how how to make them work sanely, I'm confident that 
> the maintainers would be open to suggestions (preferably with patches).

Well, hopefully we are on the right track with the above.

OK...so now with all of that going on, here are the latest avc's:

# semodule -l
amavis  1.0.4
clamav  1.0.1
dcc     1.0.0
myclamav        0.1.1
mydcc   0.1.6
mypostfix       0.1.0
mypyzor 0.2.1
myspamassassin  0.1.1
procmail        0.5.4
pyzor   1.0.1
razor   1.0.0


type=AVC msg=audit(1151351642.927:3274): avc:  denied  { use } for  pid=26956 comm="clamassassin" name="[251491]" dev=pipefs ino=251491 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=fd
type=AVC msg=audit(1151351642.927:3274): avc:  denied  { write } for  pid=26956 comm="clamassassin" name="[251491]" dev=pipefs ino=251491 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1151351642.927:3274): arch=40000003 syscall=11 success=yes exit=0 a0=9502d60 a1=9502008 a2=95058f0 a3=0 items=3 pid=26956 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151351642.927:3274):  path="pipe:[251491]"
type=AVC_PATH msg=audit(1151351642.927:3274):  path="pipe:[251491]"
type=CWD msg=audit(1151351642.927:3274):  cwd="/home/marcs"
type=PATH msg=audit(1151351642.927:3274): item=0 name="/usr/local/bin/clamassassin" inode=3115337 dev=16:07 mode=0100555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:clamassassin_exec_t:s0
type=PATH msg=audit(1151351642.927:3274): item=1 name=(null) inode=1966191 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0
type=PATH msg=audit(1151351642.927:3274): item=2 name=(null) inode=754491 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0
type=AVC msg=audit(1151351642.927:3275): avc:  denied  { search } for  pid=26956 comm="clamassassin" name="etc" dev=hdc7 ino=1048577 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
type=SYSCALL msg=audit(1151351642.927:3275): arch=40000003 syscall=33 success=no exit=-2 a0=47fcc4df a1=4 a2=47fcffd8 a3=47fd06b8 items=1 pid=26956 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=CWD msg=audit(1151351642.927:3275):  cwd="/home/marcs"
type=PATH msg=audit(1151351642.927:3275): item=0 name="/etc/ld.so.preload" obj=system_u:object_r:clamassassin_exec_t:s0
type=AVC msg=audit(1151351642.931:3276): avc:  denied  { read } for  pid=26956 comm="clamassassin" name="ld.so.cache" dev=hdc7 ino=1049124 scontext=system_u:system_r:clamassassin_t:s0 tcontext=user_u:object_r:ld_so_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1151351642.931:3276): arch=40000003 syscall=5 success=yes exit=3 a0=47fcc6c7 a1=0 a2=0 a3=47fd0890 items=1 pid=26956 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=CWD msg=audit(1151351642.931:3276):  cwd="/home/marcs"
type=PATH msg=audit(1151351642.931:3276): item=0 name="/etc/ld.so.cache" inode=1049124 dev=16:07 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=user_u:object_r:ld_so_cache_t:s0
type=AVC msg=audit(1151351642.931:3277): avc:  denied  { getattr } for  pid=26956 comm="clamassassin" name="ld.so.cache" dev=hdc7 ino=1049124 scontext=system_u:system_r:clamassassin_t:s0 tcontext=user_u:object_r:ld_so_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1151351642.931:3277): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfee7a5c a2=47fcffd8 a3=ffffffff items=0 pid=26956 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151351642.931:3277):  path="/etc/ld.so.cache"
type=AVC msg=audit(1151351642.931:3278): avc:  denied  { search } for  pid=26956 comm="clamassassin" name="lib" dev=hdc7 ino=753665 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
type=AVC msg=audit(1151351642.931:3278): avc:  denied  { read } for  pid=26956 comm="clamassassin" name="libtermcap.so.2" dev=hdc7 ino=753723 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=lnk_file
type=AVC msg=audit(1151351642.931:3278): avc:  denied  { read } for  pid=26956 comm="clamassassin" name="libtermcap.so.2.0.8" dev=hdc7 ino=754516 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1151351642.931:3278): arch=40000003 syscall=5 success=yes exit=3 a0=b7f95e11 a1=0 a2=1f3a0 a3=8 items=1 pid=26956 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=CWD msg=audit(1151351642.931:3278):  cwd="/home/marcs"
type=PATH msg=audit(1151351642.931:3278): item=0 name="/lib/libtermcap.so.2" inode=754516 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:lib_t:s0
type=AVC msg=audit(1151351642.931:3279): avc:  denied  { getattr } for  pid=26956 comm="clamassassin" name="libtermcap.so.2.0.8" dev=hdc7 ino=754516 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1151351642.931:3279): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfee7ae0 a2=47fcffd8 a3=3 items=0 pid=26956 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151351642.931:3279):  path="/lib/libtermcap.so.2.0.8"
type=AVC msg=audit(1151351642.931:3280): avc:  denied  { execute } for  pid=26956 comm="clamassassin" name="libtermcap.so.2.0.8" dev=hdc7 ino=754516 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1151351642.931:3280): arch=40000003 syscall=192 success=yes exit=1208868864 a0=480de000 a1=3a88 a2=5 a3=802 items=0 pid=26956 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151351642.931:3280):  path="/lib/libtermcap.so.2.0.8"
type=AVC msg=audit(1151351642.931:3281): avc:  denied  { read } for  pid=26956 comm="clamassassin" name="ld-2.4.so" dev=hdc7 ino=754491 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:ld_so_t:s0 tclass=file
type=SYSCALL msg=audit(1151351642.931:3281): arch=40000003 syscall=125 success=yes exit=0 a0=47fcf000 a1=1000 a2=1 a3=47fd0300 items=0 pid=26956 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151351642.931:3281):  path="/lib/ld-2.4.so"
type=AVC msg=audit(1151351642.931:3282): avc:  denied  { search } for  pid=26956 comm="clamassassin" name="/" dev=proc ino=1 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=dir
type=AVC msg=audit(1151351642.931:3282): avc:  denied  { read } for  pid=26956 comm="clamassassin" name="meminfo" dev=proc ino=-268435454 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=SYSCALL msg=audit(1151351642.931:3282): arch=40000003 syscall=5 success=yes exit=3 a0=489093ef a1=0 a2=1b6 a3=9555240 items=1 pid=26956 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=CWD msg=audit(1151351642.931:3282):  cwd="/home/marcs"
type=PATH msg=audit(1151351642.931:3282): item=0 name="/proc/meminfo" inode=4026531842 dev=00:03 mode=0100444 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1151351642.931:3283): avc:  denied  { getattr } for  pid=26956 comm="clamassassin" name="meminfo" dev=proc ino=-268435454 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=SYSCALL msg=audit(1151351642.931:3283): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfee6038 a2=4891eff4 a3=3 items=0 pid=26956 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151351642.931:3283):  path="/proc/meminfo"
type=AVC msg=audit(1151351642.935:3284): avc:  denied  { search } for  pid=26956 comm="clamassassin" name="usr" dev=hdc7 ino=3112961 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=AVC msg=audit(1151351642.935:3284): avc:  denied  { search } for  pid=26956 comm="clamassassin" name="bin" dev=hdc7 ino=3112982 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
type=SYSCALL msg=audit(1151351642.935:3284): arch=40000003 syscall=5 success=yes exit=3 a0=9557018 a1=8000 a2=0 a3=8000 items=1 pid=26956 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=CWD msg=audit(1151351642.935:3284):  cwd="/home/marcs"
type=PATH msg=audit(1151351642.935:3284): item=0 name="/usr/local/bin/clamassassin" inode=3115337 dev=16:07 mode=0100555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:clamassassin_exec_t:s0
type=AVC msg=audit(1151351642.943:3285): avc:  denied  { execute } for  pid=26957 comm="clamassassin" name="mktemp" dev=hdc7 ino=1966111 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1151351642.943:3285): avc:  denied  { execute_no_trans } for  pid=26957 comm="clamassassin" name="mktemp" dev=hdc7 ino=1966111 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1151351642.943:3285): avc:  denied  { read } for  pid=26957 comm="clamassassin" name="mktemp" dev=hdc7 ino=1966111 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1151351642.943:3285): avc:  denied  { execute } for  pid=26957 comm="clamassassin" name="ld-2.4.so" dev=hdc7 ino=754491 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:ld_so_t:s0 tclass=file
type=SYSCALL msg=audit(1151351642.943:3285): arch=40000003 syscall=11 success=yes exit=0 a0=95572c0 a1=9557500 a2=955add0 a3=9557228 items=2 pid=26957 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mktemp" exe="/bin/mktemp" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151351642.943:3285):  path="/bin/mktemp"
type=AVC_PATH msg=audit(1151351642.943:3285):  path="/bin/mktemp"
type=CWD msg=audit(1151351642.943:3285):  cwd="/home/marcs"
type=PATH msg=audit(1151351642.943:3285): item=0 name="/bin/mktemp" inode=1966111 dev=16:07 mode=0100555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0
type=PATH msg=audit(1151351642.943:3285): item=1 name=(null) inode=754491 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0
type=AVC msg=audit(1151351642.943:3286): avc:  denied  { read } for  pid=26957 comm="mktemp" name="urandom" dev=tmpfs ino=2006 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1151351642.943:3286): arch=40000003 syscall=5 success=yes exit=3 a0=80494d8 a1=0 a2=48920120 a3=85af008 items=1 pid=26957 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mktemp" exe="/bin/mktemp" subj=system_u:system_r:clamassassin_t:s0
type=CWD msg=audit(1151351642.943:3286):  cwd="/home/marcs"
type=PATH msg=audit(1151351642.943:3286): item=0 name="/dev/urandom" inode=2006 dev=00:0f mode=020444 ouid=0 ogid=0 rdev=01:09 obj=system_u:object_r:urandom_device_t:s0
type=AVC msg=audit(1151351642.947:3287): avc:  denied  { getattr } for  pid=26957 comm="mktemp" name="[251497]" dev=pipefs ino=251497 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:system_r:clamassassin_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1151351642.947:3287): arch=40000003 syscall=197 success=yes exit=0 a0=1 a1=bf8893d0 a2=4891eff4 a3=1 items=0 pid=26957 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mktemp" exe="/bin/mktemp" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151351642.947:3287):  path="pipe:[251497]"
type=AVC msg=audit(1151351642.947:3288): avc:  denied  { write } for  pid=26957 comm="mktemp" name="[251497]" dev=pipefs ino=251497 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:system_r:clamassassin_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1151351642.947:3288): arch=40000003 syscall=4 success=yes exit=32 a0=1 a1=b7f9b000 a2=20 a3=20 items=0 pid=26957 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mktemp" exe="/bin/mktemp" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151351642.947:3288):  path="pipe:[251497]"
type=AVC msg=audit(1151351642.947:3289): avc:  denied  { read } for  pid=26956 comm="clamassassin" name="[251497]" dev=pipefs ino=251497 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:system_r:clamassassin_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1151351642.947:3289): arch=40000003 syscall=3 success=yes exit=32 a0=3 a1=bfee7a18 a2=80 a3=80 items=0 pid=26956 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151351642.947:3289):  path="pipe:[251497]"
type=AVC msg=audit(1151351642.955:3290): avc:  denied  { use } for  pid=26960 comm="clamscan" name="[251496]" dev=pipefs ino=251496 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:system_r:procmail_t:s0 tclass=fd
type=AVC msg=audit(1151351642.955:3290): avc:  denied  { read } for  pid=26960 comm="clamscan" name="[251496]" dev=pipefs ino=251496 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:system_r:procmail_t:s0 tclass=fifo_file
type=AVC msg=audit(1151351642.955:3290): avc:  denied  { use } for  pid=26960 comm="clamscan" name="[251491]" dev=pipefs ino=251491 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=fd
type=AVC msg=audit(1151351642.955:3290): avc:  denied  { write } for  pid=26960 comm="clamscan" name="[251491]" dev=pipefs ino=251491 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1151351642.955:3290): arch=40000003 syscall=11 success=yes exit=0 a0=955ac00 a1=955a210 a2=955add0 a3=955ad90 items=2 pid=26960 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0
type=AVC_PATH msg=audit(1151351642.955:3290):  path="pipe:[251491]"
type=AVC_PATH msg=audit(1151351642.955:3290):  path="pipe:[251491]"
type=AVC_PATH msg=audit(1151351642.955:3290):  path="pipe:[251496]"
type=AVC_PATH msg=audit(1151351642.955:3290):  path="pipe:[251496]"
type=CWD msg=audit(1151351642.955:3290):  cwd="/home/marcs"
type=PATH msg=audit(1151351642.955:3290): item=0 name="/usr/bin/clamscan" inode=3123838 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:clamscan_exec_t:s0
type=PATH msg=audit(1151351642.955:3290): item=1 name=(null) inode=754491 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0
type=AVC msg=audit(1151351646.796:3291): avc:  denied  { search } for  pid=26970 comm="pyzor" name="mail" dev=hdc7 ino=1049593 scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:object_r:etc_mail_t:s0 tclass=dir
type=SYSCALL msg=audit(1151351646.796:3291): arch=40000003 syscall=5 success=no exit=-2 a0=99817f8 a1=8000 a2=1b6 a3=99337c8 items=1 pid=26970 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=CWD msg=audit(1151351646.796:3291):  cwd="/"
type=PATH msg=audit(1151351646.796:3291): item=0 name="/etc/mail/spamassassin/config" obj=system_u:object_r:lib_t:s0
type=AVC msg=audit(1151351646.796:3292): avc:  denied  { getattr } for  pid=26970 comm="pyzor" name="spamassassin" dev=hdc7 ino=1049810 scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:object_r:etc_mail_t:s0 tclass=dir
type=SYSCALL msg=audit(1151351646.796:3292): arch=40000003 syscall=195 success=yes exit=0 a0=9982a78 a1=bfae9548 a2=4891eff4 a3=98f91b0 items=1 pid=26970 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=AVC_PATH msg=audit(1151351646.796:3292):  path="/etc/mail/spamassassin"
type=CWD msg=audit(1151351646.796:3292):  cwd="/"
type=PATH msg=audit(1151351646.796:3292): item=0 name="/etc/mail/spamassassin" inode=1049810 dev=16:07 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_mail_t:s0
type=AVC msg=audit(1151351646.796:3293): avc:  denied  { getattr } for  pid=26970 comm="pyzor" name="servers" dev=hdc7 ino=1051662 scontext=system_u:system_r:pyzor_t:s0 tcontext=user_u:object_r:etc_mail_t:s0 tclass=file
type=SYSCALL msg=audit(1151351646.796:3293): arch=40000003 syscall=195 success=yes exit=0 a0=9982a78 a1=bfae9548 a2=4891eff4 a3=98f91b0 items=1 pid=26970 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=AVC_PATH msg=audit(1151351646.796:3293):  path="/etc/mail/spamassassin/servers"
type=CWD msg=audit(1151351646.796:3293):  cwd="/"
type=PATH msg=audit(1151351646.796:3293): item=0 name="/etc/mail/spamassassin/servers" inode=1051662 dev=16:07 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=user_u:object_r:etc_mail_t:s0
type=AVC msg=audit(1151351646.796:3294): avc:  denied  { read } for  pid=26970 comm="pyzor" name="servers" dev=hdc7 ino=1051662 scontext=system_u:system_r:pyzor_t:s0 tcontext=user_u:object_r:etc_mail_t:s0 tclass=file
type=SYSCALL msg=audit(1151351646.796:3294): arch=40000003 syscall=5 success=yes exit=3 a0=9982a78 a1=8000 a2=1b6 a3=99337c8 items=1 pid=26970 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=CWD msg=audit(1151351646.796:3294):  cwd="/"
type=PATH msg=audit(1151351646.796:3294): item=0 name="/etc/mail/spamassassin/servers" inode=1051662 dev=16:07 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=user_u:object_r:etc_mail_t:s0
type=AVC msg=audit(1151351651.760:3295): avc:  denied  { create } for  pid=26973 comm="dccproc" scontext=system_u:system_r:dcc_client_t:s0 tcontext=system_u:system_r:dcc_client_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1151351651.760:3295): arch=40000003 syscall=102 success=yes exit=3 a0=1 a1=bfaecda8 a2=4891eff4 a3=806a0ff items=0 pid=26973 auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=0 sgid=500 fsgid=0 tty=(none) comm="dccproc" exe="/usr/local/bin/dccproc" subj=system_u:system_r:dcc_client_t:s0
type=SOCKETCALL msg=audit(1151351651.760:3295): nargs=3 a0=10 a1=3 a2=0
type=AVC msg=audit(1151351651.760:3296): avc:  denied  { bind } for  pid=26973 comm="dccproc" scontext=system_u:system_r:dcc_client_t:s0 tcontext=system_u:system_r:dcc_client_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1151351651.760:3296): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfaecda8 a2=4891eff4 a3=3 items=0 pid=26973 auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=0 sgid=500 fsgid=0 tty=(none) comm="dccproc" exe="/usr/local/bin/dccproc" subj=system_u:system_r:dcc_client_t:s0
type=SOCKADDR msg=audit(1151351651.760:3296): saddr=100000000000000000000000
type=SOCKETCALL msg=audit(1151351651.760:3296): nargs=3 a0=3 a1=bfaecdb4 a2=c
type=AVC msg=audit(1151351651.760:3297): avc:  denied  { getattr } for  pid=26973 comm="dccproc" scontext=system_u:system_r:dcc_client_t:s0 tcontext=system_u:system_r:dcc_client_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1151351651.760:3297): arch=40000003 syscall=102 success=yes exit=0 a0=6 a1=bfaecda8 a2=4891eff4 a3=3 items=0 pid=26973 auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=0 sgid=500 fsgid=0 tty=(none) comm="dccproc" exe="/usr/local/bin/dccproc" subj=system_u:system_r:dcc_client_t:s0
type=SOCKADDR msg=audit(1151351651.760:3297): saddr=100000005D69000000000000
type=SOCKETCALL msg=audit(1151351651.760:3297): nargs=3 a0=3 a1=bfaecdb4 a2=bfaecdc0
type=AVC msg=audit(1151351651.760:3298): avc:  denied  { write } for  pid=26973 comm="dccproc" scontext=system_u:system_r:dcc_client_t:s0 tcontext=system_u:system_r:dcc_client_t:s0 tclass=netlink_route_socket
type=AVC msg=audit(1151351651.760:3298): avc:  denied  { nlmsg_read } for  pid=26973 comm="dccproc" scontext=system_u:system_r:dcc_client_t:s0 tcontext=system_u:system_r:dcc_client_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1151351651.760:3298): arch=40000003 syscall=102 success=yes exit=20 a0=b a1=bfaebcf4 a2=4891eff4 a3=ffffffcc items=0 pid=26973 auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=0 sgid=500 fsgid=0 tty=(none) comm="dccproc" exe="/usr/local/bin/dccproc" subj=system_u:system_r:dcc_client_t:s0
type=SOCKADDR msg=audit(1151351651.760:3298): saddr=100000000000000000000000
type=SOCKETCALL msg=audit(1151351651.760:3298): nargs=6 a0=3 a1=bfaecd6c a2=14 a3=0 a4=bfaecd80 a5=c
type=AVC msg=audit(1151351651.760:3299): avc:  denied  { read } for  pid=26973 comm="dccproc" scontext=system_u:system_r:dcc_client_t:s0 tcontext=system_u:system_r:dcc_client_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1151351651.760:3299): arch=40000003 syscall=102 success=yes exit=128 a0=11 a1=bfaebcf4 a2=4891eff4 a3=ffffffcc items=0 pid=26973 auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=0 sgid=500 fsgid=0 tty=(none) comm="dccproc" exe="/usr/local/bin/dccproc" subj=system_u:system_r:dcc_client_t:s0
type=SOCKADDR msg=audit(1151351651.760:3299): saddr=100000000000000000000000
type=SOCKETCALL msg=audit(1151351651.760:3299): nargs=3 a0=3 a1=bfaecd50 a2=0
type=AVC msg=audit(1151351651.764:3300): avc:  denied  { node_bind } for  pid=26973 comm="dccproc" scontext=system_u:system_r:dcc_client_t:s0 tcontext=system_u:object_r:inaddr_any_node_t:s0 tclass=udp_socket
type=SYSCALL msg=audit(1151351651.764:3300): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfaecde0 a2=4891eff4 a3=806a0ff items=0 pid=26973 auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=0 sgid=500 fsgid=0 tty=(none) comm="dccproc" exe="/usr/local/bin/dccproc" subj=system_u:system_r:dcc_client_t:s0
type=SOCKADDR msg=audit(1151351651.764:3300): saddr=02000000000000000000000000000000
type=SOCKETCALL msg=audit(1151351651.764:3300): nargs=3 a0=4 a1=bfaece84 a2=10
type=AVC msg=audit(1151352002.668:3347): avc:  denied  { use } for  pid=28046 comm="clamassassin" name="[254837]" dev=pipefs ino=254837 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=fd
type=AVC msg=audit(1151352002.668:3347): avc:  denied  { write } for  pid=28046 comm="clamassassin" name="[254837]" dev=pipefs ino=254837 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1151352002.668:3347): arch=40000003 syscall=11 success=yes exit=0 a0=8f3ad60 a1=8f3a008 a2=8f3d6d0 a3=0 items=3 pid=28046 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352002.668:3347):  path="pipe:[254837]"
type=AVC_PATH msg=audit(1151352002.668:3347):  path="pipe:[254837]"
type=CWD msg=audit(1151352002.668:3347):  cwd="/home/marcs"
type=PATH msg=audit(1151352002.668:3347): item=0 name="/usr/local/bin/clamassassin" inode=3115337 dev=16:07 mode=0100555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:clamassassin_exec_t:s0
type=PATH msg=audit(1151352002.668:3347): item=1 name=(null) inode=1966191 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0
type=PATH msg=audit(1151352002.668:3347): item=2 name=(null) inode=754491 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0
type=AVC msg=audit(1151352002.668:3348): avc:  denied  { search } for  pid=28046 comm="clamassassin" name="etc" dev=hdc7 ino=1048577 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
type=SYSCALL msg=audit(1151352002.668:3348): arch=40000003 syscall=33 success=no exit=-2 a0=47fcc4df a1=4 a2=47fcffd8 a3=47fd06b8 items=1 pid=28046 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=CWD msg=audit(1151352002.668:3348):  cwd="/home/marcs"
type=PATH msg=audit(1151352002.668:3348): item=0 name="/etc/ld.so.preload" obj=system_u:object_r:clamassassin_exec_t:s0
type=AVC msg=audit(1151352002.668:3349): avc:  denied  { read } for  pid=28046 comm="clamassassin" name="ld.so.cache" dev=hdc7 ino=1049124 scontext=system_u:system_r:clamassassin_t:s0 tcontext=user_u:object_r:ld_so_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1151352002.668:3349): arch=40000003 syscall=5 success=yes exit=3 a0=47fcc6c7 a1=0 a2=0 a3=47fd0890 items=1 pid=28046 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=CWD msg=audit(1151352002.668:3349):  cwd="/home/marcs"
type=PATH msg=audit(1151352002.668:3349): item=0 name="/etc/ld.so.cache" inode=1049124 dev=16:07 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=user_u:object_r:ld_so_cache_t:s0
type=AVC msg=audit(1151352002.668:3350): avc:  denied  { getattr } for  pid=28046 comm="clamassassin" name="ld.so.cache" dev=hdc7 ino=1049124 scontext=system_u:system_r:clamassassin_t:s0 tcontext=user_u:object_r:ld_so_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1151352002.668:3350): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfd1d08c a2=47fcffd8 a3=ffffffff items=0 pid=28046 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352002.668:3350):  path="/etc/ld.so.cache"
type=AVC msg=audit(1151352002.668:3351): avc:  denied  { search } for  pid=28046 comm="clamassassin" name="lib" dev=hdc7 ino=753665 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
type=AVC msg=audit(1151352002.668:3351): avc:  denied  { read } for  pid=28046 comm="clamassassin" name="libtermcap.so.2.0.8" dev=hdc7 ino=754516 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1151352002.668:3351): arch=40000003 syscall=5 success=yes exit=3 a0=b7f30e11 a1=0 a2=1f3a0 a3=8 items=1 pid=28046 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=CWD msg=audit(1151352002.668:3351):  cwd="/home/marcs"
type=PATH msg=audit(1151352002.668:3351): item=0 name="/lib/libtermcap.so.2" inode=754516 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:lib_t:s0
type=AVC msg=audit(1151352002.668:3352): avc:  denied  { getattr } for  pid=28046 comm="clamassassin" name="libtermcap.so.2.0.8" dev=hdc7 ino=754516 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1151352002.668:3352): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfd1d110 a2=47fcffd8 a3=3 items=0 pid=28046 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352002.668:3352):  path="/lib/libtermcap.so.2.0.8"
type=AVC msg=audit(1151352002.668:3353): avc:  denied  { execute } for  pid=28046 comm="clamassassin" name="libtermcap.so.2.0.8" dev=hdc7 ino=754516 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1151352002.668:3353): arch=40000003 syscall=192 success=yes exit=1208868864 a0=480de000 a1=3a88 a2=5 a3=802 items=0 pid=28046 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352002.668:3353):  path="/lib/libtermcap.so.2.0.8"
type=AVC msg=audit(1151352002.668:3354): avc:  denied  { read } for  pid=28046 comm="clamassassin" name="ld-2.4.so" dev=hdc7 ino=754491 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:ld_so_t:s0 tclass=file
type=SYSCALL msg=audit(1151352002.668:3354): arch=40000003 syscall=125 success=yes exit=0 a0=47fcf000 a1=1000 a2=1 a3=47fd0300 items=0 pid=28046 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352002.668:3354):  path="/lib/ld-2.4.so"
type=AVC msg=audit(1151352002.672:3355): avc:  denied  { search } for  pid=28046 comm="clamassassin" name="/" dev=proc ino=1 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=dir
type=AVC msg=audit(1151352002.672:3355): avc:  denied  { read } for  pid=28046 comm="clamassassin" name="meminfo" dev=proc ino=-268435454 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=SYSCALL msg=audit(1151352002.672:3355): arch=40000003 syscall=5 success=yes exit=3 a0=489093ef a1=0 a2=1b6 a3=90ba240 items=1 pid=28046 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=CWD msg=audit(1151352002.672:3355):  cwd="/home/marcs"
type=PATH msg=audit(1151352002.672:3355): item=0 name="/proc/meminfo" inode=4026531842 dev=00:03 mode=0100444 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1151352002.672:3356): avc:  denied  { getattr } for  pid=28046 comm="clamassassin" name="meminfo" dev=proc ino=-268435454 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=SYSCALL msg=audit(1151352002.672:3356): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfd1b668 a2=4891eff4 a3=3 items=0 pid=28046 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352002.672:3356):  path="/proc/meminfo"
type=AVC msg=audit(1151352002.672:3357): avc:  denied  { search } for  pid=28046 comm="clamassassin" name="usr" dev=hdc7 ino=3112961 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=AVC msg=audit(1151352002.672:3357): avc:  denied  { search } for  pid=28046 comm="clamassassin" name="bin" dev=hdc7 ino=3112982 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
type=SYSCALL msg=audit(1151352002.672:3357): arch=40000003 syscall=5 success=yes exit=3 a0=90bc018 a1=8000 a2=0 a3=8000 items=1 pid=28046 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=CWD msg=audit(1151352002.672:3357):  cwd="/home/marcs"
type=PATH msg=audit(1151352002.672:3357): item=0 name="/usr/local/bin/clamassassin" inode=3115337 dev=16:07 mode=0100555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:clamassassin_exec_t:s0
type=AVC msg=audit(1151352002.700:3358): avc:  denied  { execute } for  pid=28047 comm="clamassassin" name="mktemp" dev=hdc7 ino=1966111 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1151352002.700:3358): avc:  denied  { execute_no_trans } for  pid=28047 comm="clamassassin" name="mktemp" dev=hdc7 ino=1966111 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1151352002.700:3358): avc:  denied  { read } for  pid=28047 comm="clamassassin" name="mktemp" dev=hdc7 ino=1966111 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1151352002.700:3358): avc:  denied  { execute } for  pid=28047 comm="clamassassin" name="ld-2.4.so" dev=hdc7 ino=754491 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:ld_so_t:s0 tclass=file
type=AVC msg=audit(1151352002.704:3359): avc:  denied  { read } for  pid=28046 comm="clamassassin" name="[254843]" dev=pipefs ino=254843 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:system_r:clamassassin_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1151352002.700:3358): arch=40000003 syscall=11 success=yes exit=0 a0=90bc2c0 a1=90bc500 a2=90bfdd0 a3=90bc228 items=2 pid=28047 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mktemp" exe="/bin/mktemp" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352002.700:3358):  path="/bin/mktemp"
type=AVC_PATH msg=audit(1151352002.700:3358):  path="/bin/mktemp"
type=CWD msg=audit(1151352002.700:3358):  cwd="/home/marcs"
type=PATH msg=audit(1151352002.700:3358): item=0 name="/bin/mktemp" inode=1966111 dev=16:07 mode=0100555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0
type=PATH msg=audit(1151352002.700:3358): item=1 name=(null) inode=754491 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0
type=AVC msg=audit(1151352002.704:3360): avc:  denied  { read } for  pid=28047 comm="mktemp" name="urandom" dev=tmpfs ino=2006 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1151352002.704:3360): arch=40000003 syscall=5 success=yes exit=3 a0=80494d8 a1=0 a2=48920120 a3=86e5008 items=1 pid=28047 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mktemp" exe="/bin/mktemp" subj=system_u:system_r:clamassassin_t:s0
type=CWD msg=audit(1151352002.704:3360):  cwd="/home/marcs"
type=PATH msg=audit(1151352002.704:3360): item=0 name="/dev/urandom" inode=2006 dev=00:0f mode=020444 ouid=0 ogid=0 rdev=01:09 obj=system_u:object_r:urandom_device_t:s0
type=AVC msg=audit(1151352002.708:3361): avc:  denied  { getattr } for  pid=28047 comm="mktemp" name="[254843]" dev=pipefs ino=254843 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:system_r:clamassassin_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1151352002.708:3361): arch=40000003 syscall=197 success=yes exit=0 a0=1 a1=bf832b70 a2=4891eff4 a3=1 items=0 pid=28047 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mktemp" exe="/bin/mktemp" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352002.708:3361):  path="pipe:[254843]"
type=AVC msg=audit(1151352002.708:3362): avc:  denied  { write } for  pid=28047 comm="mktemp" name="[254843]" dev=pipefs ino=254843 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:system_r:clamassassin_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1151352002.704:3359): arch=40000003 syscall=3 success=yes exit=32 a0=3 a1=bfd1d048 a2=80 a3=80 items=0 pid=28046 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352002.704:3359):  path="pipe:[254843]"
type=SYSCALL msg=audit(1151352002.708:3362): arch=40000003 syscall=4 success=yes exit=32 a0=1 a1=b7f65000 a2=20 a3=20 items=0 pid=28047 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mktemp" exe="/bin/mktemp" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352002.708:3362):  path="pipe:[254843]"
type=AVC msg=audit(1151352002.716:3363): avc:  denied  { use } for  pid=28050 comm="clamscan" name="[254842]" dev=pipefs ino=254842 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:system_r:procmail_t:s0 tclass=fd
type=AVC msg=audit(1151352002.716:3363): avc:  denied  { read } for  pid=28050 comm="clamscan" name="[254842]" dev=pipefs ino=254842 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:system_r:procmail_t:s0 tclass=fifo_file
type=AVC msg=audit(1151352002.716:3363): avc:  denied  { use } for  pid=28050 comm="clamscan" name="[254837]" dev=pipefs ino=254837 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=fd
type=AVC msg=audit(1151352002.716:3363): avc:  denied  { write } for  pid=28050 comm="clamscan" name="[254837]" dev=pipefs ino=254837 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1151352002.716:3363): arch=40000003 syscall=11 success=yes exit=0 a0=90bfc00 a1=90bf210 a2=90bfdd0 a3=90bfd90 items=2 pid=28050 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0
type=AVC_PATH msg=audit(1151352002.716:3363):  path="pipe:[254837]"
type=AVC_PATH msg=audit(1151352002.716:3363):  path="pipe:[254837]"
type=AVC_PATH msg=audit(1151352002.716:3363):  path="pipe:[254842]"
type=AVC_PATH msg=audit(1151352002.716:3363):  path="pipe:[254842]"
type=CWD msg=audit(1151352002.716:3363):  cwd="/home/marcs"
type=PATH msg=audit(1151352002.716:3363): item=0 name="/usr/bin/clamscan" inode=3123838 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:clamscan_exec_t:s0
type=PATH msg=audit(1151352002.716:3363): item=1 name=(null) inode=754491 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0
type=AVC msg=audit(1151352004.572:3364): avc:  denied  { execute } for  pid=28055 comm="clamassassin" name="ld-2.4.so" dev=hdc7 ino=754491 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:ld_so_t:s0 tclass=file
type=AVC msg=audit(1151352004.572:3364): avc:  denied  { read } for  pid=28055 comm="clamassassin" name="ld-2.4.so" dev=hdc7 ino=754491 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:ld_so_t:s0 tclass=file
type=SYSCALL msg=audit(1151352004.572:3364): arch=40000003 syscall=11 success=yes exit=0 a0=90bde00 a1=90c0fc8 a2=90bfdd0 a3=90c0320 items=2 pid=28055 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="formail" exe="/usr/bin/formail" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352004.572:3364):  path="/lib/ld-2.4.so"
type=CWD msg=audit(1151352004.572:3364):  cwd="/home/marcs"
type=PATH msg=audit(1151352004.572:3364): item=0 name="/usr/bin/formail" inode=3133721 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0
type=PATH msg=audit(1151352004.572:3364): item=1 name=(null) inode=754491 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0
type=AVC msg=audit(1151352004.576:3365): avc:  denied  { search } for  pid=28055 comm="formail" name="etc" dev=hdc7 ino=1048577 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
type=SYSCALL msg=audit(1151352004.576:3365): arch=40000003 syscall=33 success=no exit=-2 a0=47fcc4df a1=4 a2=47fcffd8 a3=47fd06b8 items=1 pid=28055 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="formail" exe="/usr/bin/formail" subj=system_u:system_r:clamassassin_t:s0
type=CWD msg=audit(1151352004.576:3365):  cwd="/home/marcs"
type=PATH msg=audit(1151352004.576:3365): item=0 name="/etc/ld.so.preload" obj=system_u:object_r:bin_t:s0
type=AVC msg=audit(1151352004.576:3366): avc:  denied  { read } for  pid=28055 comm="formail" name="ld.so.cache" dev=hdc7 ino=1049124 scontext=system_u:system_r:clamassassin_t:s0 tcontext=user_u:object_r:ld_so_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1151352004.576:3366): arch=40000003 syscall=5 success=yes exit=3 a0=47fcc6c7 a1=0 a2=0 a3=47fd0890 items=1 pid=28055 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="formail" exe="/usr/bin/formail" subj=system_u:system_r:clamassassin_t:s0
type=CWD msg=audit(1151352004.576:3366):  cwd="/home/marcs"
type=PATH msg=audit(1151352004.576:3366): item=0 name="/etc/ld.so.cache" inode=1049124 dev=16:07 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=user_u:object_r:ld_so_cache_t:s0
type=AVC msg=audit(1151352004.576:3367): avc:  denied  { getattr } for  pid=28055 comm="formail" name="ld.so.cache" dev=hdc7 ino=1049124 scontext=system_u:system_r:clamassassin_t:s0 tcontext=user_u:object_r:ld_so_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1151352004.576:3367): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf8a234c a2=47fcffd8 a3=ffffffff items=0 pid=28055 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="formail" exe="/usr/bin/formail" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352004.576:3367):  path="/etc/ld.so.cache"
type=AVC msg=audit(1151352004.576:3368): avc:  denied  { read } for  pid=28055 comm="formail" name="libm-2.4.so" dev=hdc7 ino=754494 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1151352004.576:3368): arch=40000003 syscall=5 success=yes exit=3 a0=b7fa69ed a1=0 a2=1f3a0 a3=8 items=1 pid=28055 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="formail" exe="/usr/bin/formail" subj=system_u:system_r:clamassassin_t:s0
type=CWD msg=audit(1151352004.576:3368):  cwd="/home/marcs"
type=PATH msg=audit(1151352004.576:3368): item=0 name="/lib/libm.so.6" inode=754494 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:lib_t:s0
type=AVC msg=audit(1151352004.576:3369): avc:  denied  { getattr } for  pid=28055 comm="formail" name="libm-2.4.so" dev=hdc7 ino=754494 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1151352004.576:3369): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf8a23d0 a2=47fcffd8 a3=3 items=0 pid=28055 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="formail" exe="/usr/bin/formail" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352004.576:3369):  path="/lib/libm-2.4.so"
type=AVC msg=audit(1151352004.576:3370): avc:  denied  { execute } for  pid=28055 comm="formail" name="libm-2.4.so" dev=hdc7 ino=754494 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1151352004.576:3370): arch=40000003 syscall=192 success=yes exit=1217548288 a0=48925000 a1=24080 a2=5 a3=802 items=0 pid=28055 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="formail" exe="/usr/bin/formail" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352004.576:3370):  path="/lib/libm-2.4.so"
type=AVC msg=audit(1151352006.532:3371): avc:  denied  { search } for  pid=28060 comm="pyzor" name="mail" dev=hdc7 ino=1049593 scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:object_r:etc_mail_t:s0 tclass=dir
type=SYSCALL msg=audit(1151352006.532:3371): arch=40000003 syscall=5 success=no exit=-2 a0=887a7f8 a1=8000 a2=1b6 a3=882c7c8 items=1 pid=28060 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=CWD msg=audit(1151352006.532:3371):  cwd="/"
type=PATH msg=audit(1151352006.532:3371): item=0 name="/etc/mail/spamassassin/config" obj=system_u:object_r:lib_t:s0
type=AVC msg=audit(1151352006.532:3372): avc:  denied  { getattr } for  pid=28060 comm="pyzor" name="spamassassin" dev=hdc7 ino=1049810 scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:object_r:etc_mail_t:s0 tclass=dir
type=SYSCALL msg=audit(1151352006.532:3372): arch=40000003 syscall=195 success=yes exit=0 a0=887ba78 a1=bfe4d0a8 a2=4891eff4 a3=87f21b0 items=1 pid=28060 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=AVC_PATH msg=audit(1151352006.532:3372):  path="/etc/mail/spamassassin"
type=CWD msg=audit(1151352006.532:3372):  cwd="/"
type=PATH msg=audit(1151352006.532:3372): item=0 name="/etc/mail/spamassassin" inode=1049810 dev=16:07 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_mail_t:s0
type=AVC msg=audit(1151352006.532:3373): avc:  denied  { getattr } for  pid=28060 comm="pyzor" name="servers" dev=hdc7 ino=1051662 scontext=system_u:system_r:pyzor_t:s0 tcontext=user_u:object_r:etc_mail_t:s0 tclass=file
type=SYSCALL msg=audit(1151352006.532:3373): arch=40000003 syscall=195 success=yes exit=0 a0=887ba78 a1=bfe4d0a8 a2=4891eff4 a3=87f21b0 items=1 pid=28060 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=AVC_PATH msg=audit(1151352006.532:3373):  path="/etc/mail/spamassassin/servers"
type=CWD msg=audit(1151352006.532:3373):  cwd="/"
type=PATH msg=audit(1151352006.532:3373): item=0 name="/etc/mail/spamassassin/servers" inode=1051662 dev=16:07 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=user_u:object_r:etc_mail_t:s0
type=AVC msg=audit(1151352006.532:3374): avc:  denied  { read } for  pid=28060 comm="pyzor" name="servers" dev=hdc7 ino=1051662 scontext=system_u:system_r:pyzor_t:s0 tcontext=user_u:object_r:etc_mail_t:s0 tclass=file
type=SYSCALL msg=audit(1151352006.532:3374): arch=40000003 syscall=5 success=yes exit=3 a0=887ba78 a1=8000 a2=1b6 a3=882c7c8 items=1 pid=28060 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=CWD msg=audit(1151352006.532:3374):  cwd="/"
type=PATH msg=audit(1151352006.532:3374): item=0 name="/etc/mail/spamassassin/servers" inode=1051662 dev=16:07 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=user_u:object_r:etc_mail_t:s0
type=AVC msg=audit(1151352011.445:3375): avc:  denied  { create } for  pid=28243 comm="dccproc" scontext=system_u:system_r:dcc_client_t:s0 tcontext=system_u:system_r:dcc_client_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1151352011.445:3375): arch=40000003 syscall=102 success=yes exit=3 a0=1 a1=bfea5968 a2=4891eff4 a3=806a0ff items=0 pid=28243 auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=0 sgid=500 fsgid=0 tty=(none) comm="dccproc" exe="/usr/local/bin/dccproc" subj=system_u:system_r:dcc_client_t:s0
type=SOCKETCALL msg=audit(1151352011.445:3375): nargs=3 a0=10 a1=3 a2=0
type=AVC msg=audit(1151352011.445:3376): avc:  denied  { bind } for  pid=28243 comm="dccproc" scontext=system_u:system_r:dcc_client_t:s0 tcontext=system_u:system_r:dcc_client_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1151352011.445:3376): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfea5968 a2=4891eff4 a3=3 items=0 pid=28243 auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=0 sgid=500 fsgid=0 tty=(none) comm="dccproc" exe="/usr/local/bin/dccproc" subj=system_u:system_r:dcc_client_t:s0
type=SOCKADDR msg=audit(1151352011.445:3376): saddr=100000000000000000000000
type=SOCKETCALL msg=audit(1151352011.445:3376): nargs=3 a0=3 a1=bfea5974 a2=c
type=AVC msg=audit(1151352011.445:3377): avc:  denied  { getattr } for  pid=28243 comm="dccproc" scontext=system_u:system_r:dcc_client_t:s0 tcontext=system_u:system_r:dcc_client_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1151352011.445:3377): arch=40000003 syscall=102 success=yes exit=0 a0=6 a1=bfea5968 a2=4891eff4 a3=3 items=0 pid=28243 auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=0 sgid=500 fsgid=0 tty=(none) comm="dccproc" exe="/usr/local/bin/dccproc" subj=system_u:system_r:dcc_client_t:s0
type=SOCKADDR msg=audit(1151352011.445:3377): saddr=10000000536E000000000000
type=SOCKETCALL msg=audit(1151352011.445:3377): nargs=3 a0=3 a1=bfea5974 a2=bfea5980
type=AVC msg=audit(1151352011.449:3378): avc:  denied  { write } for  pid=28243 comm="dccproc" scontext=system_u:system_r:dcc_client_t:s0 tcontext=system_u:system_r:dcc_client_t:s0 tclass=netlink_route_socket
type=AVC msg=audit(1151352011.449:3378): avc:  denied  { nlmsg_read } for  pid=28243 comm="dccproc" scontext=system_u:system_r:dcc_client_t:s0 tcontext=system_u:system_r:dcc_client_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1151352011.449:3378): arch=40000003 syscall=102 success=yes exit=20 a0=b a1=bfea48b4 a2=4891eff4 a3=ffffffcc items=0 pid=28243 auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=0 sgid=500 fsgid=0 tty=(none) comm="dccproc" exe="/usr/local/bin/dccproc" subj=system_u:system_r:dcc_client_t:s0
type=SOCKADDR msg=audit(1151352011.449:3378): saddr=100000000000000000000000
type=SOCKETCALL msg=audit(1151352011.449:3378): nargs=6 a0=3 a1=bfea592c a2=14 a3=0 a4=bfea5940 a5=c
type=AVC msg=audit(1151352011.449:3379): avc:  denied  { read } for  pid=28243 comm="dccproc" scontext=system_u:system_r:dcc_client_t:s0 tcontext=system_u:system_r:dcc_client_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1151352011.449:3379): arch=40000003 syscall=102 success=yes exit=128 a0=11 a1=bfea48b4 a2=4891eff4 a3=ffffffcc items=0 pid=28243 auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=0 sgid=500 fsgid=0 tty=(none) comm="dccproc" exe="/usr/local/bin/dccproc" subj=system_u:system_r:dcc_client_t:s0
type=SOCKADDR msg=audit(1151352011.449:3379): saddr=100000000000000000000000
type=SOCKETCALL msg=audit(1151352011.449:3379): nargs=3 a0=3 a1=bfea5910 a2=0
type=AVC msg=audit(1151352011.449:3380): avc:  denied  { node_bind } for  pid=28243 comm="dccproc" scontext=system_u:system_r:dcc_client_t:s0 tcontext=system_u:object_r:inaddr_any_node_t:s0 tclass=udp_socket
type=SYSCALL msg=audit(1151352011.449:3380): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfea59a0 a2=4891eff4 a3=806a0ff items=0 pid=28243 auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=0 sgid=500 fsgid=0 tty=(none) comm="dccproc" exe="/usr/local/bin/dccproc" subj=system_u:system_r:dcc_client_t:s0
type=SOCKADDR msg=audit(1151352011.449:3380): saddr=02000000000000000000000000000000
type=SOCKETCALL msg=audit(1151352011.449:3380): nargs=3 a0=4 a1=bfea5a44 a2=10
type=AVC msg=audit(1151352842.172:3433): avc:  denied  { use } for  pid=8966 comm="clamassassin" name="[261675]" dev=pipefs ino=261675 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=fd
type=AVC msg=audit(1151352842.172:3433): avc:  denied  { write } for  pid=8966 comm="clamassassin" name="[261675]" dev=pipefs ino=261675 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1151352842.172:3433): arch=40000003 syscall=11 success=yes exit=0 a0=9657d60 a1=9657008 a2=9659db0 a3=0 items=3 pid=8966 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352842.172:3433):  path="pipe:[261675]"
type=AVC_PATH msg=audit(1151352842.172:3433):  path="pipe:[261675]"
type=CWD msg=audit(1151352842.172:3433):  cwd="/home/marcs"
type=PATH msg=audit(1151352842.172:3433): item=0 name="/usr/local/bin/clamassassin" inode=3115337 dev=16:07 mode=0100555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:clamassassin_exec_t:s0
type=PATH msg=audit(1151352842.172:3433): item=1 name=(null) inode=1966191 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0
type=PATH msg=audit(1151352842.172:3433): item=2 name=(null) inode=754491 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0
type=AVC msg=audit(1151352842.176:3434): avc:  denied  { search } for  pid=8966 comm="clamassassin" name="etc" dev=hdc7 ino=1048577 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
type=SYSCALL msg=audit(1151352842.176:3434): arch=40000003 syscall=33 success=no exit=-2 a0=47fcc4df a1=4 a2=47fcffd8 a3=47fd06b8 items=1 pid=8966 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=CWD msg=audit(1151352842.176:3434):  cwd="/home/marcs"
type=PATH msg=audit(1151352842.176:3434): item=0 name="/etc/ld.so.preload" obj=system_u:object_r:clamassassin_exec_t:s0
type=AVC msg=audit(1151352842.176:3435): avc:  denied  { read } for  pid=8966 comm="clamassassin" name="ld.so.cache" dev=hdc7 ino=1049124 scontext=system_u:system_r:clamassassin_t:s0 tcontext=user_u:object_r:ld_so_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1151352842.176:3435): arch=40000003 syscall=5 success=yes exit=3 a0=47fcc6c7 a1=0 a2=0 a3=47fd0890 items=1 pid=8966 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=CWD msg=audit(1151352842.176:3435):  cwd="/home/marcs"
type=PATH msg=audit(1151352842.176:3435): item=0 name="/etc/ld.so.cache" inode=1049124 dev=16:07 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=user_u:object_r:ld_so_cache_t:s0
type=AVC msg=audit(1151352842.176:3436): avc:  denied  { getattr } for  pid=8966 comm="clamassassin" name="ld.so.cache" dev=hdc7 ino=1049124 scontext=system_u:system_r:clamassassin_t:s0 tcontext=user_u:object_r:ld_so_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1151352842.176:3436): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf93acac a2=47fcffd8 a3=ffffffff items=0 pid=8966 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352842.176:3436):  path="/etc/ld.so.cache"
type=AVC msg=audit(1151352842.176:3437): avc:  denied  { search } for  pid=8966 comm="clamassassin" name="lib" dev=hdc7 ino=753665 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
type=AVC msg=audit(1151352842.176:3437): avc:  denied  { read } for  pid=8966 comm="clamassassin" name="libtermcap.so.2" dev=hdc7 ino=753723 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=lnk_file
type=AVC msg=audit(1151352842.176:3437): avc:  denied  { read } for  pid=8966 comm="clamassassin" name="libtermcap.so.2.0.8" dev=hdc7 ino=754516 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1151352842.176:3437): arch=40000003 syscall=5 success=yes exit=3 a0=b7f9be11 a1=0 a2=1f3a0 a3=8 items=1 pid=8966 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=CWD msg=audit(1151352842.176:3437):  cwd="/home/marcs"
type=PATH msg=audit(1151352842.176:3437): item=0 name="/lib/libtermcap.so.2" inode=754516 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:lib_t:s0
type=AVC msg=audit(1151352842.176:3438): avc:  denied  { getattr } for  pid=8966 comm="clamassassin" name="libtermcap.so.2.0.8" dev=hdc7 ino=754516 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1151352842.176:3438): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf93ad30 a2=47fcffd8 a3=3 items=0 pid=8966 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352842.176:3438):  path="/lib/libtermcap.so.2.0.8"
type=AVC msg=audit(1151352842.176:3439): avc:  denied  { execute } for  pid=8966 comm="clamassassin" name="libtermcap.so.2.0.8" dev=hdc7 ino=754516 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1151352842.176:3439): arch=40000003 syscall=192 success=yes exit=1208868864 a0=480de000 a1=3a88 a2=5 a3=802 items=0 pid=8966 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352842.176:3439):  path="/lib/libtermcap.so.2.0.8"
type=AVC msg=audit(1151352842.176:3440): avc:  denied  { read } for  pid=8966 comm="clamassassin" name="ld-2.4.so" dev=hdc7 ino=754491 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:ld_so_t:s0 tclass=file
type=SYSCALL msg=audit(1151352842.176:3440): arch=40000003 syscall=125 success=yes exit=0 a0=47fcf000 a1=1000 a2=1 a3=47fd0300 items=0 pid=8966 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352842.176:3440):  path="/lib/ld-2.4.so"
type=AVC msg=audit(1151352842.176:3441): avc:  denied  { search } for  pid=8966 comm="clamassassin" name="/" dev=proc ino=1 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=dir
type=AVC msg=audit(1151352842.176:3441): avc:  denied  { read } for  pid=8966 comm="clamassassin" name="meminfo" dev=proc ino=-268435454 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=SYSCALL msg=audit(1151352842.176:3441): arch=40000003 syscall=5 success=yes exit=3 a0=489093ef a1=0 a2=1b6 a3=9f4f240 items=1 pid=8966 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=CWD msg=audit(1151352842.176:3441):  cwd="/home/marcs"
type=PATH msg=audit(1151352842.176:3441): item=0 name="/proc/meminfo" inode=4026531842 dev=00:03 mode=0100444 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1151352842.176:3442): avc:  denied  { getattr } for  pid=8966 comm="clamassassin" name="meminfo" dev=proc ino=-268435454 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=SYSCALL msg=audit(1151352842.176:3442): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf939288 a2=4891eff4 a3=3 items=0 pid=8966 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352842.176:3442):  path="/proc/meminfo"
type=AVC msg=audit(1151352842.176:3443): avc:  denied  { search } for  pid=8966 comm="clamassassin" name="usr" dev=hdc7 ino=3112961 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=AVC msg=audit(1151352842.176:3443): avc:  denied  { search } for  pid=8966 comm="clamassassin" name="bin" dev=hdc7 ino=3112982 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
type=SYSCALL msg=audit(1151352842.176:3443): arch=40000003 syscall=5 success=yes exit=3 a0=9f51018 a1=8000 a2=0 a3=8000 items=1 pid=8966 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=CWD msg=audit(1151352842.176:3443):  cwd="/home/marcs"
type=PATH msg=audit(1151352842.176:3443): item=0 name="/usr/local/bin/clamassassin" inode=3115337 dev=16:07 mode=0100555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:clamassassin_exec_t:s0
type=AVC msg=audit(1151352842.204:3444): avc:  denied  { execute } for  pid=8967 comm="clamassassin" name="mktemp" dev=hdc7 ino=1966111 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1151352842.204:3444): avc:  denied  { execute_no_trans } for  pid=8967 comm="clamassassin" name="mktemp" dev=hdc7 ino=1966111 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1151352842.204:3444): avc:  denied  { read } for  pid=8967 comm="clamassassin" name="mktemp" dev=hdc7 ino=1966111 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1151352842.204:3444): avc:  denied  { execute } for  pid=8967 comm="clamassassin" name="ld-2.4.so" dev=hdc7 ino=754491 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:ld_so_t:s0 tclass=file
type=SYSCALL msg=audit(1151352842.204:3444): arch=40000003 syscall=11 success=yes exit=0 a0=9f512c0 a1=9f51500 a2=9f54dd0 a3=9f51228 items=2 pid=8967 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mktemp" exe="/bin/mktemp" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352842.204:3444):  path="/bin/mktemp"
type=AVC_PATH msg=audit(1151352842.204:3444):  path="/bin/mktemp"
type=CWD msg=audit(1151352842.204:3444):  cwd="/home/marcs"
type=PATH msg=audit(1151352842.204:3444): item=0 name="/bin/mktemp" inode=1966111 dev=16:07 mode=0100555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0
type=PATH msg=audit(1151352842.204:3444): item=1 name=(null) inode=754491 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0
type=AVC msg=audit(1151352842.204:3445): avc:  denied  { read } for  pid=8967 comm="mktemp" name="urandom" dev=tmpfs ino=2006 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1151352842.204:3445): arch=40000003 syscall=5 success=yes exit=3 a0=80494d8 a1=0 a2=48920120 a3=9624008 items=1 pid=8967 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mktemp" exe="/bin/mktemp" subj=system_u:system_r:clamassassin_t:s0
type=CWD msg=audit(1151352842.204:3445):  cwd="/home/marcs"
type=PATH msg=audit(1151352842.204:3445): item=0 name="/dev/urandom" inode=2006 dev=00:0f mode=020444 ouid=0 ogid=0 rdev=01:09 obj=system_u:object_r:urandom_device_t:s0
type=AVC msg=audit(1151352842.204:3446): avc:  denied  { getattr } for  pid=8967 comm="mktemp" name="[261681]" dev=pipefs ino=261681 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:system_r:clamassassin_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1151352842.204:3446): arch=40000003 syscall=197 success=yes exit=0 a0=1 a1=bfabe600 a2=4891eff4 a3=1 items=0 pid=8967 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mktemp" exe="/bin/mktemp" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352842.204:3446):  path="pipe:[261681]"
type=AVC msg=audit(1151352842.208:3447): avc:  denied  { write } for  pid=8967 comm="mktemp" name="[261681]" dev=pipefs ino=261681 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:system_r:clamassassin_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1151352842.208:3447): arch=40000003 syscall=4 success=yes exit=32 a0=1 a1=b7f26000 a2=20 a3=20 items=0 pid=8967 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mktemp" exe="/bin/mktemp" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352842.208:3447):  path="pipe:[261681]"
type=AVC msg=audit(1151352842.208:3448): avc:  denied  { read } for  pid=8966 comm="clamassassin" name="[261681]" dev=pipefs ino=261681 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:system_r:clamassassin_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1151352842.208:3448): arch=40000003 syscall=3 success=yes exit=32 a0=3 a1=bf93ac68 a2=80 a3=80 items=0 pid=8966 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamassassin" exe="/bin/bash" subj=system_u:system_r:clamassassin_t:s0
type=AVC_PATH msg=audit(1151352842.208:3448):  path="pipe:[261681]"
type=AVC msg=audit(1151352842.208:3449): avc:  denied  { use } for  pid=8972 comm="clamscan" name="[261680]" dev=pipefs ino=261680 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:system_r:procmail_t:s0 tclass=fd
type=AVC msg=audit(1151352842.208:3449): avc:  denied  { read } for  pid=8972 comm="clamscan" name="[261680]" dev=pipefs ino=261680 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:system_r:procmail_t:s0 tclass=fifo_file
type=AVC msg=audit(1151352842.208:3449): avc:  denied  { use } for  pid=8972 comm="clamscan" name="[261675]" dev=pipefs ino=261675 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=fd
type=AVC msg=audit(1151352842.208:3449): avc:  denied  { write } for  pid=8972 comm="clamscan" name="[261675]" dev=pipefs ino=261675 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1151352842.208:3449): arch=40000003 syscall=11 success=yes exit=0 a0=9f54c00 a1=9f54210 a2=9f54dd0 a3=9f54d90 items=2 pid=8972 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0
type=AVC_PATH msg=audit(1151352842.208:3449):  path="pipe:[261675]"
type=AVC_PATH msg=audit(1151352842.208:3449):  path="pipe:[261675]"
type=AVC_PATH msg=audit(1151352842.208:3449):  path="pipe:[261680]"
type=AVC_PATH msg=audit(1151352842.208:3449):  path="pipe:[261680]"
type=CWD msg=audit(1151352842.208:3449):  cwd="/home/marcs"
type=PATH msg=audit(1151352842.208:3449): item=0 name="/usr/bin/clamscan" inode=3123838 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:clamscan_exec_t:s0
type=PATH msg=audit(1151352842.208:3449): item=1 name=(null) inode=754491 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0
type=AVC msg=audit(1151352843.476:3450): avc:  denied  { read } for  pid=8997 comm="clamassassin" name="ld-linux.so.2" dev=hdc7 ino=757669 scontext=system_u:system_r:clamassassin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=lnk_file
type=SYSCALL msg=audit(1151352843.476:3450): arch=40000003 syscall=11 success=yes exit=0 a0=9f52e00 a1=9f55fc8 a2=9f54dd0 a3=9f55320 items=2 pid=8997 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="formail" exe="/usr/bin/formail" subj=system_u:system_r:clamassassin_t:s0
type=CWD msg=audit(1151352843.476:3450):  cwd="/home/marcs"
type=PATH msg=audit(1151352843.476:3450): item=0 name="/usr/bin/formail" inode=3133721 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0
type=PATH msg=audit(1151352843.476:3450): item=1 name=(null) inode=754491 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0
type=AVC msg=audit(1151352847.417:3451): avc:  denied  { search } for  pid=9002 comm="pyzor" name="mail" dev=hdc7 ino=1049593 scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:object_r:etc_mail_t:s0 tclass=dir
type=SYSCALL msg=audit(1151352847.417:3451): arch=40000003 syscall=5 success=no exit=-2 a0=85577f8 a1=8000 a2=1b6 a3=85097c8 items=1 pid=9002 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=CWD msg=audit(1151352847.417:3451):  cwd="/"
type=PATH msg=audit(1151352847.417:3451): item=0 name="/etc/mail/spamassassin/config" obj=system_u:object_r:lib_t:s0
type=AVC msg=audit(1151352847.421:3452): avc:  denied  { getattr } for  pid=9002 comm="pyzor" name="spamassassin" dev=hdc7 ino=1049810 scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:object_r:etc_mail_t:s0 tclass=dir
type=SYSCALL msg=audit(1151352847.421:3452): arch=40000003 syscall=195 success=yes exit=0 a0=8558a78 a1=bfce9748 a2=4891eff4 a3=84cf1b0 items=1 pid=9002 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=AVC_PATH msg=audit(1151352847.421:3452):  path="/etc/mail/spamassassin"
type=CWD msg=audit(1151352847.421:3452):  cwd="/"
type=PATH msg=audit(1151352847.421:3452): item=0 name="/etc/mail/spamassassin" inode=1049810 dev=16:07 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_mail_t:s0
type=AVC msg=audit(1151352847.421:3453): avc:  denied  { getattr } for  pid=9002 comm="pyzor" name="servers" dev=hdc7 ino=1051662 scontext=system_u:system_r:pyzor_t:s0 tcontext=user_u:object_r:etc_mail_t:s0 tclass=file
type=SYSCALL msg=audit(1151352847.421:3453): arch=40000003 syscall=195 success=yes exit=0 a0=8558a78 a1=bfce9748 a2=4891eff4 a3=84cf1b0 items=1 pid=9002 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=AVC_PATH msg=audit(1151352847.421:3453):  path="/etc/mail/spamassassin/servers"
type=CWD msg=audit(1151352847.421:3453):  cwd="/"
type=PATH msg=audit(1151352847.421:3453): item=0 name="/etc/mail/spamassassin/servers" inode=1051662 dev=16:07 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=user_u:object_r:etc_mail_t:s0
type=AVC msg=audit(1151352847.421:3454): avc:  denied  { read } for  pid=9002 comm="pyzor" name="servers" dev=hdc7 ino=1051662 scontext=system_u:system_r:pyzor_t:s0 tcontext=user_u:object_r:etc_mail_t:s0 tclass=file
type=SYSCALL msg=audit(1151352847.421:3454): arch=40000003 syscall=5 success=yes exit=3 a0=8558a78 a1=8000 a2=1b6 a3=85097c8 items=1 pid=9002 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=CWD msg=audit(1151352847.421:3454):  cwd="/"
type=PATH msg=audit(1151352847.421:3454): item=0 name="/etc/mail/spamassassin/servers" inode=1051662 dev=16:07 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=user_u:object_r:etc_mail_t:s0
type=AVC msg=audit(1151352847.945:3455): avc:  denied  { create } for  pid=9003 comm="dccproc" scontext=system_u:system_r:dcc_client_t:s0 tcontext=system_u:system_r:dcc_client_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1151352847.945:3455): arch=40000003 syscall=102 success=yes exit=3 a0=1 a1=bfed9998 a2=4891eff4 a3=806a0ff items=0 pid=9003 auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=0 sgid=500 fsgid=0 tty=(none) comm="dccproc" exe="/usr/local/bin/dccproc" subj=system_u:system_r:dcc_client_t:s0
type=SOCKETCALL msg=audit(1151352847.945:3455): nargs=3 a0=10 a1=3 a2=0
type=AVC msg=audit(1151352847.949:3456): avc:  denied  { bind } for  pid=9003 comm="dccproc" scontext=system_u:system_r:dcc_client_t:s0 tcontext=system_u:system_r:dcc_client_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1151352847.949:3456): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfed9998 a2=4891eff4 a3=3 items=0 pid=9003 auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=0 sgid=500 fsgid=0 tty=(none) comm="dccproc" exe="/usr/local/bin/dccproc" subj=system_u:system_r:dcc_client_t:s0
type=SOCKADDR msg=audit(1151352847.949:3456): saddr=100000000000000000000000
type=SOCKETCALL msg=audit(1151352847.949:3456): nargs=3 a0=3 a1=bfed99a4 a2=c
type=AVC msg=audit(1151352847.949:3457): avc:  denied  { getattr } for  pid=9003 comm="dccproc" scontext=system_u:system_r:dcc_client_t:s0 tcontext=system_u:system_r:dcc_client_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1151352847.949:3457): arch=40000003 syscall=102 success=yes exit=0 a0=6 a1=bfed9998 a2=4891eff4 a3=3 items=0 pid=9003 auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=0 sgid=500 fsgid=0 tty=(none) comm="dccproc" exe="/usr/local/bin/dccproc" subj=system_u:system_r:dcc_client_t:s0
type=SOCKADDR msg=audit(1151352847.949:3457): saddr=100000002B23000000000000
type=SOCKETCALL msg=audit(1151352847.949:3457): nargs=3 a0=3 a1=bfed99a4 a2=bfed99b0
type=AVC msg=audit(1151352847.949:3458): avc:  denied  { write } for  pid=9003 comm="dccproc" scontext=system_u:system_r:dcc_client_t:s0 tcontext=system_u:system_r:dcc_client_t:s0 tclass=netlink_route_socket
type=AVC msg=audit(1151352847.949:3458): avc:  denied  { nlmsg_read } for  pid=9003 comm="dccproc" scontext=system_u:system_r:dcc_client_t:s0 tcontext=system_u:system_r:dcc_client_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1151352847.949:3458): arch=40000003 syscall=102 success=yes exit=20 a0=b a1=bfed88e4 a2=4891eff4 a3=ffffffcc items=0 pid=9003 auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=0 sgid=500 fsgid=0 tty=(none) comm="dccproc" exe="/usr/local/bin/dccproc" subj=system_u:system_r:dcc_client_t:s0
type=SOCKADDR msg=audit(1151352847.949:3458): saddr=100000000000000000000000
type=SOCKETCALL msg=audit(1151352847.949:3458): nargs=6 a0=3 a1=bfed995c a2=14 a3=0 a4=bfed9970 a5=c
type=AVC msg=audit(1151352847.949:3459): avc:  denied  { read } for  pid=9003 comm="dccproc" scontext=system_u:system_r:dcc_client_t:s0 tcontext=system_u:system_r:dcc_client_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1151352847.949:3459): arch=40000003 syscall=102 success=yes exit=128 a0=11 a1=bfed88e4 a2=4891eff4 a3=ffffffcc items=0 pid=9003 auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=0 sgid=500 fsgid=0 tty=(none) comm="dccproc" exe="/usr/local/bin/dccproc" subj=system_u:system_r:dcc_client_t:s0
type=SOCKADDR msg=audit(1151352847.949:3459): saddr=100000000000000000000000
type=SOCKETCALL msg=audit(1151352847.949:3459): nargs=3 a0=3 a1=bfed9940 a2=0
type=AVC msg=audit(1151352847.953:3460): avc:  denied  { node_bind } for  pid=9003 comm="dccproc" scontext=system_u:system_r:dcc_client_t:s0 tcontext=system_u:object_r:inaddr_any_node_t:s0 tclass=udp_socket
type=SYSCALL msg=audit(1151352847.953:3460): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfed99d0 a2=4891eff4 a3=806a0ff items=0 pid=9003 auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=0 sgid=500 fsgid=0 tty=(none) comm="dccproc" exe="/usr/local/bin/dccproc" subj=system_u:system_r:dcc_client_t:s0
type=SOCKADDR msg=audit(1151352847.953:3460): saddr=02000000000000000000000000000000
type=SOCKETCALL msg=audit(1151352847.953:3460): nargs=3 a0=4 a1=bfed9a74 a2=10
type=AVC msg=audit(1151353003.231:3476): avc:  denied  { search } for  pid=9317 comm="pyzor" name="mail" dev=hdc7 ino=1049593 scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:object_r:etc_mail_t:s0 tclass=dir
type=SYSCALL msg=audit(1151353003.231:3476): arch=40000003 syscall=5 success=no exit=-2 a0=8cc27f8 a1=8000 a2=1b6 a3=8c747c8 items=1 pid=9317 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=CWD msg=audit(1151353003.231:3476):  cwd="/"
type=PATH msg=audit(1151353003.231:3476): item=0 name="/etc/mail/spamassassin/config" obj=system_u:object_r:lib_t:s0
type=AVC msg=audit(1151353003.231:3477): avc:  denied  { getattr } for  pid=9317 comm="pyzor" name="spamassassin" dev=hdc7 ino=1049810 scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:object_r:etc_mail_t:s0 tclass=dir
type=SYSCALL msg=audit(1151353003.231:3477): arch=40000003 syscall=195 success=yes exit=0 a0=8cc3a78 a1=bf83d298 a2=4891eff4 a3=8c3a1b0 items=1 pid=9317 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=AVC_PATH msg=audit(1151353003.231:3477):  path="/etc/mail/spamassassin"
type=CWD msg=audit(1151353003.231:3477):  cwd="/"
type=PATH msg=audit(1151353003.231:3477): item=0 name="/etc/mail/spamassassin" inode=1049810 dev=16:07 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_mail_t:s0
type=AVC msg=audit(1151353003.231:3478): avc:  denied  { getattr } for  pid=9317 comm="pyzor" name="servers" dev=hdc7 ino=1051662 scontext=system_u:system_r:pyzor_t:s0 tcontext=user_u:object_r:etc_mail_t:s0 tclass=file
type=SYSCALL msg=audit(1151353003.231:3478): arch=40000003 syscall=195 success=yes exit=0 a0=8cc3a78 a1=bf83d298 a2=4891eff4 a3=8c3a1b0 items=1 pid=9317 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=AVC_PATH msg=audit(1151353003.231:3478):  path="/etc/mail/spamassassin/servers"
type=CWD msg=audit(1151353003.231:3478):  cwd="/"
type=PATH msg=audit(1151353003.231:3478): item=0 name="/etc/mail/spamassassin/servers" inode=1051662 dev=16:07 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=user_u:object_r:etc_mail_t:s0
type=AVC msg=audit(1151353003.231:3479): avc:  denied  { read } for  pid=9317 comm="pyzor" name="servers" dev=hdc7 ino=1051662 scontext=system_u:system_r:pyzor_t:s0 tcontext=user_u:object_r:etc_mail_t:s0 tclass=file
type=SYSCALL msg=audit(1151353003.231:3479): arch=40000003 syscall=5 success=yes exit=3 a0=8cc3a78 a1=8000 a2=1b6 a3=8c747c8 items=1 pid=9317 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=CWD msg=audit(1151353003.231:3479):  cwd="/"
type=PATH msg=audit(1151353003.231:3479): item=0 name="/etc/mail/spamassassin/servers" inode=1051662 dev=16:07 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=user_u:object_r:etc_mail_t:s0
type=AVC msg=audit(1151353008.163:3480): avc:  denied  { node_bind } for  pid=9319 comm="dccproc" scontext=system_u:system_r:dcc_client_t:s0 tcontext=system_u:object_r:inaddr_any_node_t:s0 tclass=udp_socket
type=SYSCALL msg=audit(1151353008.163:3480): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfa51570 a2=4891eff4 a3=37 items=0 pid=9319 auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=0 sgid=500 fsgid=0 tty=(none) comm="dccproc" exe="/usr/local/bin/dccproc" subj=system_u:system_r:dcc_client_t:s0
type=SOCKADDR msg=audit(1151353008.163:3480): saddr=02000000000000000000000000000000
type=SOCKETCALL msg=audit(1151353008.163:3480): nargs=3 a0=4 a1=bfa51614 a2=10





If the above approach makes sense, then I think that this could become a
defacto install approach when running under SELinux, which is not a
general consideration for the more general installation instructions for
these various filtering apps.

This approach, I think, also has the attraction of not differentiating
between a single user install and a system-wide install, as I had
initially considered above.

Regards,

Marc



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]