Bugzilla's AVC: denied

Daniel J Walsh dwalsh at redhat.com
Fri Jul 6 17:05:27 UTC 2007 

Pedro Silva wrote:
> Daniel J Walsh escreveu:
>
>>> type=AVC msg=audit(1183036604.813:648): avc:  denied  { read write } 
>>> for  pid=16
>>> 313 comm="sendmail" name="[335348]" dev=sockfs ino=335348 
>>> scontext=root:system_r
>>> :system_mail_t:s0 tcontext=root:system_r:httpd_bugzilla_script_t:s0 
>>> tclass=unix_
>>> stream_socket
>> This looks potentially like a leaked file descriptor?  Or is sendmail 
>> reading and writing to a  unix_stream_socket created by the bugzilla 
>> cgi?
>>
>> Could you run this in permissive mode to gather all of the avc messages.
>
> I haven't reproduced the other AVC messages yet, but the above happens 
> when Bugzilla is sending mail after a bug changed.
> This is what audit.log gives in permissive mode.
>
> type=AVC msg=audit(1183544590.817:4170): avc:  denied  { read write } 
> for  pid=23730 comm="sendmail" name="[517705]" dev=sockfs ino=517705 
> scontext=root:system_r:system_mail_t:s0 
> tcontext=root:system_r:httpd_bugzilla_script_t:s0 
> tclass=unix_stream_socket
>
> type=SYSCALL msg=audit(1183544590.817:4170): arch=40000003 syscall=11 
> success=yes exit=0 a0=a179ab0 a1=a179a38 a2=916f240 a3=915c008 items=0 
> ppid=23727 pid=23730 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 
> egid=48 sgid=48 fsgid=48 tty=(none) comm="sendmail" 
> exe="/usr/sbin/sendmail.postfix" subj=root:system_r:system_mail_t:s0 
> key=(null)
>
> type=AVC_PATH msg=audit(1183544590.817:4170):  path="socket:[517705]"
>
> type=AVC msg=audit(1183544591.317:4171): avc:  denied  { getattr } 
> for  pid=23731 comm="postdrop" name="[517696]" dev=pipefs ino=517696 
> scontext=root:system_r:postfix_postdrop_t:s0 
> tcontext=root:system_r:httpd_t:s0 tclass=fifo_file
>
> type=SYSCALL msg=audit(1183544591.317:4171): arch=40000003 syscall=197 
> success=yes exit=0 a0=2 a1=bfa66af0 a2=840ff4 a3=3 items=0 ppid=23730 
> pid=23731 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=90 
> sgid=90 fsgid=90 tty=(none) comm="postdrop" exe="/usr/sbin/postdrop" 
> subj=root:system_r:postfix_postdrop_t:s0 key=(null)
>
> type=AVC_PATH msg=audit(1183544591.317:4171):  path="pipe:[517696]"
Ok I will dontaudit in the next release "2.6.4-27"

>
> -- 
>
> CERTISIGN <http://www.certisign.com.br/>**Pedro Silva**
> Especialista de Desenvolvimento
> (21) 4501 1026
>
> Certisign Certificadora Digital
> certisign.com.br <http://www.certisign.com.br/>
>

More information about the fedora-selinux-list mailing list