Re: Odd SELinux messages during+after 5.3 upgrade (system_mail_t and postfix_postdrop_t access rpm_var_lib_t)

D Tucny <d@xxxxxxxxx> · Tue, 14 Apr 2009 12:54:42 +0800

2009/4/14 D Tucny <d@xxxxxxxxx>

2009/4/14 Dan Mensom <mensomman@xxxxxxxxx>

Hey guys,

I've been getting some strange selinux messages after the 5.3 upgrade.

It appears as though my mail system (postfix) is constantly trying to

access the rpm database? Here's the audit messages (I tend to look at

my selinux messages using audit2allow < /var/log/audit.log as I find

it easier to read quickly):

Does anyone know what these accesses are? And why they might be still

continously triggering for the mail system, where as all the other

packages have stopped causing them?

Also, on a related note, is it normally best practices to 'setenforce 0'

during a 5.x upgrade? Is it possible I've damaged something by leaving

selinux enabled? Other than the spamassassin issue, the machine seems

to be running ok..

I've seen the same with a bit of php sending mail through a cronjob... I've so far been unable to reproduce it though... The php in question isn't supposed to touch the rpmdb even it was maintaining open file handles when launching sendmail...

Narrowed it down, nothing to do with the php, it's when cron was sending a mail, the php script was just a regular cron job... Stopped crond, tried debugging it in foreground and saw nothing related... Started crond back up again and the messages are no longer appearing...

I wonder if it was something to do with cron being last started during an rpm transaction as a result of being upgraded and it receiving the rpmdb filehandles at that point and sharing them with sendmail...

d

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos