Re: selinux and udev ?


 



Nicolas Mailhot wrote:
On Tuesday, 29 November 2005 at 15:01 -0500, Daniel J Walsh wrote:
Nicolas Mailhot wrote:

The udev denial seems fixed with selinux-policy-targeted-2.0.6-1. So
things get (slowly) fixed. But most issues are still there :

audit2allow < /var/log/audit/audit.log
You should do

audit2allow -l  < /var/log/audit/audit.log

to get only the AVC messages you got after the last reload.
allow dovecot_auth_t var_lib_t:dir search;
allow system_chkpwd_t devpts_t:chr_file { read write };
allow procmail_t spamd_port_t:tcp_socket name_connect;
allow updfstab_t tmpfs_t:dir getattr;
allow dovecot_auth_t etc_runtime_t:file read;
allow spamd_t port_t:udp_socket name_bind;
(this bit is the spamassassin resolver issue Steven Stern just reported
for FC4. It was briefly fixed in Rawhide, then regressed to broken stage
with the 2.x policy change)

(generated on a clean fully relabeled system after 3 min of activity)

That's almost the same list I had with selinux-policy-targeted-2.0.0

selinux-policy-2.0.6-2 should fix most of those.

This one is much better, right. I had to work a little harder to fill my
AVC quota. Now I only get :

# audit2allow < /var/log/audit/audit.log | sort
allow dovecot_auth_t var_auth_t:dir write;
(on-the-fly pam_abl database creation failure, strangely works fine from
ssh)

allow saslauthd_t self:capability setuid;
(should saslauthd be allowed setuid ?)

allow saslauthd_t var_auth_t:dir search;
(more pam_abl stuff)

allow spamd_t port_t:udp_socket name_bind;

Probably related to one of those :

Nov 29 22:08:11 rousalka spamd[2382]: Error creating a DNS resolver
socket: Permission non accordée
at /usr/lib/perl5/vendor_perl/5.8.7/Mail/SpamAssassin/DnsResolver.pm
line 202, <GEN5> line 120.
Nov 29 22:08:11 rousalka spamd[2382]: spamd: Error creating a DNS
resolver socket: Permission non accordée
at /usr/lib/perl5/vendor_perl/5.8.7/Mail/SpamAssassin/DnsResolver.pm
line 202, <GEN5> line 120.


Nov 29 22:09:38 rousalka spamd[2382]: spamd: connection from
localhost.localdomain [127.0.0.1] at port 50657
Nov 29 22:09:38 rousalka spamd[2382]: spamd: setuid to nim succeeded
Nov 29 22:09:38 rousalka spamd[2382]: spamd: creating
default_prefs: /home/nim/.spamassassin/user_prefs
Nov 29 22:09:38 rousalka spamd[2382]: mkdir /home/nim: Le fichier
existe. at /usr/lib/perl5/vendor_perl/5.8.7/Mail/SpamAssassin.pm line
1467
Nov 29 22:09:38 rousalka spamd[2382]: config: cannot write
to /home/nim/.spamassassin/user_prefs: Permission non accordée
Nov 29 22:09:38 rousalka spamd[2382]: spamd: failed to create readable
default_prefs: /home/nim/.spamassassin/user_prefs
Nov 29 22:09:38 rousalka spamd[2382]: mkdir /home/nim: Le fichier
existe. at /usr/lib/perl5/vendor_perl/5.8.7/Mail/SpamAssassin.pm line
1467
Nov 29 22:09:38 rousalka spamd[2382]: spamd: checking message
<1133298570.3426.4.camel@xxxxxxxxxxxxxxxxxxx> for nim:500
Nov 29 22:09:38 rousalka spamd[2382]: internal error
Nov 29 22:09:38 rousalka spamd[2382]: pyzor: check failed: internal
error
Nov 29 22:09:38 rousalka spamd[2382]: mkdir /home/nim: Le fichier
existe. at /usr/lib/perl5/vendor_perl/5.8.7/Mail/SpamAssassin.pm line
1467
Nov 29 22:09:38 rousalka spamd[2382]: locker: safe_lock: cannot create
tmp
lockfile /home/nim/.spamassassin/auto-whitelist.lock.rousalka.dyndns.org.2382 for /home/nim/.spamassassin/auto-whitelist.lock: Permission non accordée
Nov 29 22:09:38 rousalka spamd[2382]: auto-whitelist: open of
auto-whitelist file failed: locker: safe_lock: cannot create tmp
lockfile /home/nim/.spamassassin/auto-whitelist.lock.rousalka.dyndns.org.2382 for /home/nim/.spamassassin/auto-whitelist.lock: Permission non accordée
Nov 29 22:09:38 rousalka spamd[2382]: Can't call method "finish" on an
undefined value
at /usr/lib/perl5/vendor_perl/5.8.7/Mail/SpamAssassin/Plugin/AWL.pm line
397.
Nov 29 22:09:38 rousalka spamd[2382]: bayes: locker: safe_lock: cannot
create tmp
lockfile /home/nim/.spamassassin/bayes.lock.rousalka.dyndns.org.2382
for /home/nim/.spamassassin/bayes.lock: Permission non accordée

allow system_chkpwd_t devpts_t:chr_file { read write };
(this one is pam-related - may be serious)

allow updfstab_t tmpfs_t:dir getattr;
(fstab-sync is blocked)

Regards,

Please attach the audit.log
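
The "since the last reload" filtering suggested above, sketched as an added example that is not part of the original messages and is not audit2allow's own code. It assumes audit.log records in the current `type=AVC` / `type=MAC_POLICY_LOAD` layout; the sample records are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records (not from the poster's audit.log), in audit.log layout.
SAMPLE_LOG = """\
type=AVC msg=audit(1133298000.101:40): avc:  denied  { getattr } for  pid=1901 comm="fstab-sync" scontext=system_u:system_r:updfstab_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=MAC_POLICY_LOAD msg=audit(1133298400.000:41): policy loaded auid=0
type=AVC msg=audit(1133298491.210:42): avc:  denied  { name_bind } for  pid=2382 comm="spamd" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
type=AVC msg=audit(1133298495.300:43): avc:  denied  { read } for  pid=2400 comm="unix_chkpwd" scontext=system_u:system_r:system_chkpwd_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
type=AVC msg=audit(1133298495.301:44): avc:  denied  { write } for  pid=2400 comm="unix_chkpwd" scontext=system_u:system_r:system_chkpwd_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
    r"scontext=(?P<s>\S+).*?tcontext=(?P<t>\S+).*?tclass=(?P<cls>\S+)")

def type_of(context):
    """Return the type field (third) of a user:role:type[:level] context."""
    return context.split(":")[2]

def denials_since_last_reload(log_text):
    """Map (source type, target type, class) -> permissions denied after the last policy load."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        if line.startswith("type=MAC_POLICY_LOAD"):
            rules.clear()  # earlier denials were judged against the old policy
            continue
        m = AVC_RE.search(line)
        if m:
            key = (type_of(m["s"]), type_of(m["t"]), m["cls"])
            rules[key].update(m["perms"].split())
    return dict(rules)

def as_allow_rules(rules):
    """Render the grouped denials in the allow-rule syntax shown in the thread."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append(f"allow {src} {tgt}:{cls} {body};")
    return out

if __name__ == "__main__":
    print("\n".join(as_allow_rules(denials_since_last_reload(SAMPLE_LOG))))
```

On the constructed sample, the updfstab_t denial logged before the policy load is dropped, which is why output taken without `-l` can list denials a newer policy has already fixed.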
