Bugzilla's AVC: denied
Daniel J Walsh
dwalsh at redhat.com
Fri Jul 6 17:05:27 UTC 2007
Pedro Silva wrote:
> Daniel J Walsh wrote:
>
>>> type=AVC msg=audit(1183036604.813:648): avc: denied { read write }
>>> for pid=16313 comm="sendmail" name="[335348]" dev=sockfs ino=335348
>>> scontext=root:system_r:system_mail_t:s0
>>> tcontext=root:system_r:httpd_bugzilla_script_t:s0
>>> tclass=unix_stream_socket
>> This looks potentially like a leaked file descriptor? Or is sendmail
>> reading and writing to a unix_stream_socket created by the bugzilla
>> cgi?
>>
>> Could you run this in permissive mode to gather all of the avc messages.
>
> I haven't reproduced the other AVC messages yet, but the above happens
> when Bugzilla is sending mail after a bug changed.
> This is what audit.log gives in permissive mode.
>
> type=AVC msg=audit(1183544590.817:4170): avc: denied { read write }
> for pid=23730 comm="sendmail" name="[517705]" dev=sockfs ino=517705
> scontext=root:system_r:system_mail_t:s0
> tcontext=root:system_r:httpd_bugzilla_script_t:s0
> tclass=unix_stream_socket
>
> type=SYSCALL msg=audit(1183544590.817:4170): arch=40000003 syscall=11
> success=yes exit=0 a0=a179ab0 a1=a179a38 a2=916f240 a3=915c008 items=0
> ppid=23727 pid=23730 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48
> egid=48 sgid=48 fsgid=48 tty=(none) comm="sendmail"
> exe="/usr/sbin/sendmail.postfix" subj=root:system_r:system_mail_t:s0
> key=(null)
>
> type=AVC_PATH msg=audit(1183544590.817:4170): path="socket:[517705]"
>
> type=AVC msg=audit(1183544591.317:4171): avc: denied { getattr }
> for pid=23731 comm="postdrop" name="[517696]" dev=pipefs ino=517696
> scontext=root:system_r:postfix_postdrop_t:s0
> tcontext=root:system_r:httpd_t:s0 tclass=fifo_file
>
> type=SYSCALL msg=audit(1183544591.317:4171): arch=40000003 syscall=197
> success=yes exit=0 a0=2 a1=bfa66af0 a2=840ff4 a3=3 items=0 ppid=23730
> pid=23731 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=90
> sgid=90 fsgid=90 tty=(none) comm="postdrop" exe="/usr/sbin/postdrop"
> subj=root:system_r:postfix_postdrop_t:s0 key=(null)
>
> type=AVC_PATH msg=audit(1183544591.317:4171): path="pipe:[517696]"
Ok I will dontaudit in the next release "2.6.4-27"
>
> --
>
> CERTISIGN <http://www.certisign.com.br/> **Pedro Silva**
> Development Specialist
> (21) 4501 1026
>
> Certisign Certificadora Digital
> certisign.com.br <http://www.certisign.com.br/>
>
More information about the fedora-selinux-list mailing list
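
Added example, not part of the original messages or of the SELinux policy sources: a Python sketch of the triage discussed in this thread. It groups the quoted audit records by event id and flags denials on anonymous sockets or pipes (dev=sockfs/pipefs) whose label belongs to a different domain, the usual signature of an inherited descriptor. The function names and the generated dontaudit text are assumptions made for illustration.

```python
import re

# Records from the permissive-mode audit.log quoted above, re-joined onto
# single lines; the SYSCALL records are abridged to the fields used here.
SAMPLE = '''
type=AVC msg=audit(1183544590.817:4170): avc: denied { read write } for pid=23730 comm="sendmail" name="[517705]" dev=sockfs ino=517705 scontext=root:system_r:system_mail_t:s0 tcontext=root:system_r:httpd_bugzilla_script_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1183544590.817:4170): arch=40000003 syscall=11 success=yes exit=0 ppid=23727 pid=23730 comm="sendmail" exe="/usr/sbin/sendmail.postfix"
type=AVC msg=audit(1183544591.317:4171): avc: denied { getattr } for pid=23731 comm="postdrop" name="[517696]" dev=pipefs ino=517696 scontext=root:system_r:postfix_postdrop_t:s0 tcontext=root:system_r:httpd_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1183544591.317:4171): arch=40000003 syscall=197 success=yes exit=0 ppid=23730 pid=23731 comm="postdrop" exe="/usr/sbin/postdrop"
'''

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
SERIAL = re.compile(r'audit\(([\d.]+:\d+)\)')
PERMS = re.compile(r'\{ ([^}]*) \}')
ANON_FS = {"sockfs", "pipefs"}  # unnamed sockets and pipes, reachable only via an open fd


def parse(line):
    """Split one audit record into a dict, keeping its event id and permission set."""
    rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
    rec["event"] = SERIAL.search(line).group(1)
    perms = PERMS.search(line)
    rec["perms"] = perms.group(1).split() if perms else []
    return rec


def leaked_fd_candidates(log):
    """Return AVC denials on anonymous sockets/pipes labelled with another domain's type."""
    events = {}
    for line in filter(None, map(str.strip, log.splitlines())):
        rec = parse(line)
        events.setdefault(rec["event"], {})[rec["type"]] = rec
    hits = []
    for event, recs in events.items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL", {})
        if not avc or avc.get("dev") not in ANON_FS:
            continue
        src, tgt = (avc[c].split(":")[2] for c in ("scontext", "tcontext"))
        if src == tgt:
            continue  # a domain using its own socket or pipe is not an inherited fd
        hits.append({
            "event": event, "comm": avc["comm"], "source": src, "target": tgt,
            # arch=40000003 is i386, where syscall 11 is execve (fds inherited across exec)
            "at_execve": (sc.get("arch"), sc.get("syscall")) == ("40000003", "11"),
            # Candidate rule for review only; it silences the log, it grants nothing.
            "rule": "dontaudit %s %s:%s { %s };" % (src, tgt, avc["tclass"], " ".join(avc["perms"])),
        })
    return hits
```

Calling leaked_fd_candidates(SAMPLE) returns one entry per flagged event. A denial reported at execve points at the parent handing the descriptor down, so closing it in the parent before exec (or marking it close-on-exec) is the alternative to a dontaudit rule.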