sendmail+greylist-milter problem

Greetings,

Sorry if the same matter was discussed previously; I have not found any trace of it. If there is a FAQ with a solution to my problem, please give me a link.
Thanks for help.

best regards,
Alexey Tarasov

---------------
Problem 1.
Installed: sendmail-8.3.14, milter-greylist-2.0.2, selinux-policy-targeted-1.27.2-19

Starting sendmail from init results in:
maillog:
---
sendmail[1997]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 1674: Xgreylist: local socket name /var/milter-greylist/milter-greylist.sock unsafe: Permission denied
---

audit.log:
---
type=AVC msg=audit(1135060778.168:5): avc: denied { getattr } for pid=1994 comm="newaliases" name="milter-greylist.sock" dev=dm-0 ino=7831655 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1135060778.168:5): arch=40000003 syscall=196 success=no exit=-13 a0=bfd5995c a1=bfd598ac a2=b7c60ff4 a3=bfd598ac items=1 pid=1994 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 comm="newaliases" exe="/usr/sbin/sendmail.sendmail"
type=AVC_PATH msg=audit(1135060778.168:5): path="/var/milter-greylist/milter-greylist.sock"
type=PATH msg=audit(1135060778.168:5): item=0 name="/var/milter-greylist/milter-greylist.sock" flags=0 inode=7831655 dev=fd:00 mode=0140755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1135060778.260:6): avc: denied { getattr } for pid=1997 comm="sendmail" name="milter-greylist.sock" dev=dm-0 ino=7831655 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1135060778.260:6): arch=40000003 syscall=196 success=no exit=-13 a0=bf89508c a1=bf894fdc a2=b7c9dff4 a3=bf894fdc items=1 pid=1997 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 comm="sendmail" exe="/usr/sbin/sendmail.sendmail"
type=AVC_PATH msg=audit(1135060778.260:6): path="/var/milter-greylist/milter-greylist.sock"
type=PATH msg=audit(1135060778.260:6): item=0 name="/var/milter-greylist/milter-greylist.sock" flags=0 inode=7831655 dev=fd:00 mode=0140755 ouid=0 ogid=0 rdev=00:00
---

And this output is generated on system shutdown:
---
type=AVC msg=audit(1135059155.814:79): avc: denied { getattr } for pid=3857 comm="K30sendmail" name="sendmail.pid" dev=dm-0 ino=7602305 scontext=system_u:system_r:sendmail_launch_t:s0 tcontext=root:object_r:var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1135059155.814:79): arch=40000003 syscall=195 success=no exit=-13 a0=8113cf8 a1=bfe421c8 a2=aedff4 a3=8113828 items=1 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="K30sendmail" exe="/bin/bash"
type=AVC_PATH msg=audit(1135059155.814:79):  path="/var/run/sendmail.pid"
type=PATH msg=audit(1135059155.814:79): item=0 name="/var/run/sendmail.pid" flags=1 inode=7602305 dev=fd:00 mode=0100600 ouid=0 ogid=51 rdev=00:00
type=AVC msg=audit(1135059155.822:80): avc: denied { unlink } for pid=3864 comm="rm" name="sendmail.pid" dev=dm-0 ino=7602305 scontext=system_u:system_r:sendmail_launch_t:s0 tcontext=root:object_r:var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1135059155.822:80): arch=40000003 syscall=10 success=no exit=-13 a0=bfdabf03 a1=1 a2=8050204 a3=bfdab9e0 items=1 pid=3864 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="rm" exe="/bin/rm"
type=PATH msg=audit(1135059155.822:80): item=0 name="/var/run/sendmail.pid" flags=10 inode=7602212 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1135059155.826:81): avc: denied { unlink } for pid=3865 comm="rm" name="sendmail" dev=dm-0 ino=7602307 scontext=system_u:system_r:sendmail_launch_t:s0 tcontext=root:object_r:var_lock_t:s0 tclass=file
type=SYSCALL msg=audit(1135059155.826:81): arch=40000003 syscall=10 success=no exit=-13 a0=bff31eff a1=1 a2=8050204 a3=bff30f40 items=1 pid=3865 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="rm" exe="/bin/rm"
type=PATH msg=audit(1135059155.826:81): item=0 name="/var/lock/subsys/sendmail" flags=10 inode=7602207 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1135059155.826:82): avc: denied { getattr } for pid=3857 comm="K30sendmail" name="sm-client.pid" dev=dm-0 ino=7602308 scontext=system_u:system_r:sendmail_launch_t:s0 tcontext=root:object_r:var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1135059155.826:82): arch=40000003 syscall=195 success=no exit=-13 a0=8113cf8 a1=bfe448b8 a2=aedff4 a3=8110710 items=1 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="K30sendmail" exe="/bin/bash"
type=AVC_PATH msg=audit(1135059155.826:82):  path="/var/run/sm-client.pid"
type=PATH msg=audit(1135059155.826:82): item=0 name="/var/run/sm-client.pid" flags=1 inode=7602308 dev=fd:00 mode=0100644 ouid=51 ogid=51 rdev=00:00
---
#ls -lZ
-rw-------  root     smmsp    root:object_r:var_run_t          sendmail.pid
-rw-r--r--  smmsp    smmsp    root:object_r:var_run_t          sm-client.pid
-rw-r--r--  root     root     root:object_r:var_lock_t         sendmail


Problem 2.
ping is called by a bash script executed by cron with root rights (command line: ping -c 1 -w 5 > /dev/null )

---
type=AVC msg=audit(1133295301.930:2739): avc: denied { write } for pid=30341 comm="ping" name="[56893]" dev=pipefs ino=56893 scontext=root:system_r:ping_t:s0 tcontext=system_u:system_r:crond_t:s0 tclass=fifo_file
type=AVC msg=audit(1133295301.930:2739): avc: denied { read } for pid=30341 comm="ping" name="[56892]" dev=pipefs ino=56892 scontext=root:system_r:ping_t:s0 tcontext=system_u:system_r:crond_t:s0 tclass=fifo_file
---

Is there any way to avoid such messages?

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
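
Added example, not part of the original post: a small Python parser that condenses AVC denials like the ones quoted above into one entry per (source type, target type, object class), so it is immediately visible which domain was denied which permission on which label. The function names (`parse_avc`, `summarize`, `se_type`) are this example's own, and the sample input is abridged from the records in the message.

```python
import re
from collections import defaultdict

# Constructed sample: AVC records abridged from the post, several per line.
_SM = ('scontext=system_u:system_r:sendmail_t:s0 '
       'tcontext=system_u:object_r:var_t:s0 tclass=sock_file')
_PING = ('scontext=root:system_r:ping_t:s0 '
         'tcontext=system_u:system_r:crond_t:s0 tclass=fifo_file')
SAMPLE = (
    'type=AVC msg=audit(1135060778.168:5): avc: denied { getattr } for pid=1994 '
    f'comm="newaliases" name="milter-greylist.sock" {_SM} '
    'type=SYSCALL msg=audit(1135060778.168:5): arch=40000003 syscall=196 exit=-13 '
    'type=AVC msg=audit(1135060778.260:6): avc: denied { getattr } for pid=1997 '
    f'comm="sendmail" name="milter-greylist.sock" {_SM}\n'
    'type=AVC msg=audit(1133295301.930:2739): avc: denied { write } for pid=30341 '
    f'comm="ping" name="[56893]" {_PING} '
    'type=AVC msg=audit(1133295301.930:2739): avc: denied { read } for pid=30341 '
    f'comm="ping" name="[56892]" {_PING}\n'
)

# One AVC record ends where the next "type=XXX msg=audit(" header begins.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*?)'
    r'(?=\s+type=[A-Z_]+\s+msg=audit\(|$)', re.S)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def se_type(ctx):  # type field of a user:role:type[:level] context
    return (ctx.split(":") + ["?", "?"])[2]

def parse_avc(text):
    """Yield one dict per AVC denial, whether records share a line or not."""
    for m in AVC_RE.finditer(text):
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
        if not {"scontext", "tcontext", "tclass"} <= f.keys():
            continue  # truncated record: skip it rather than guess
        f["perms"] = m.group("perms").split()
        yield f

def summarize(text):  # group denials by (source type, target type, class)
    groups = defaultdict(lambda: {"perms": set(), "comm": set(), "name": set()})
    for f in parse_avc(text):
        g = groups[(se_type(f["scontext"]), se_type(f["tcontext"]), f["tclass"])]
        g["perms"].update(f["perms"])
        g["comm"].add(f.get("comm", "?"))
        g["name"].add(f.get("name", "?"))
    return dict(groups)

if __name__ == "__main__":
    for (src, tgt, cls), g in sorted(summarize(SAMPLE).items()):
        print(src, "->", f"{tgt}:{cls}", sorted(g["perms"]), sorted(g["comm"]))
```

Fed the full audit.log excerpts from the message, the same grouping also separates the shutdown denials (`sendmail_launch_t` against `var_run_t` and `var_lock_t` files) from the socket and cron-pipe denials.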
