<snipped some content for space>

On Tue, 2006-05-30 at 20:05 +0100, Paul Howarth wrote:
> On Tue, 2006-05-30 at 13:41 -0500, Marc Schwartz (via MN) wrote:
> > On Tue, 2006-05-30 at 16:32 +0100, Paul Howarth wrote:
> > > If you run SELinux in permissive mode and post the AVCs that get logged
> > > when procmail is running, it should be possible to get this fixed.
> >
> > Paul,
> >
> > Thanks for the reply.
> >
> > I have re-booted with SELinux in Permissive Mode.
> >
> > However, while procmail is working still, I see no avc messages at all
> > in /var/log/messages that would seemingly be related here. There are
> > other avc's there, most of which appear to be related to the boot
> > process and the relabelling of files subsequent to having disabled
> > SELinux earlier.
> >
> > Is this something more subtle or is there someplace else that I should
> > be looking?
>
> Perhaps you have auditd running, and have AVCs logged
> to /var/log/audit/audit.log instead?

Yep. That's it. Thanks to Tom also for pointing this out.

For reference, here is my ~/.procmailrc:

# Scan for viruses using ClamAV + clamassassin
:0 fw
| /usr/local/bin/clamassassin

# Scan with SpamAssassin (+ razor, pyzor and dcc)
:0 fw
| /usr/bin/spamc -s 256000

I'm not sure how much you might need/want, but here is a sampling. I
tried to catch what appear to be complete "cycles" in each case.

Here are some using grep 'procmail':

type=AVC_PATH msg=audit(1149015973.940:563): path="/home/marcs/.procmailrc"
type=PATH msg=audit(1149015973.940:563): item=0 name="/home/marcs/.procmailrc" flags=1 inode=426353 dev=fd:00 mode=0100664 ouid=500 ogid=500 rdev=00:00
type=AVC msg=audit(1149015973.940:564): avc: denied { read } for pid=11095 comm="procmail" name=".procmailrc" dev=dm-0 ino=426353 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=SYSCALL msg=audit(1149015973.940:564): arch=40000003 syscall=5 success=yes exit=4 a0=9337d60 a1=8000 a2=0 a3=8000 items=1 pid=11095 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 comm="procmail" exe="/usr/bin/procmail"
type=PATH msg=audit(1149015973.940:564): item=0 name="/home/marcs/.procmailrc" flags=101 inode=426353 dev=fd:00 mode=0100664 ouid=500 ogid=500 rdev=00:00
type=AVC msg=audit(1149015973.956:565): avc: denied { execute } for pid=11101 comm="clamassassin" name="clamscan" dev=hdc7 ino=3123838 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:clamscan_exec_t:s0 tclass=file
type=AVC msg=audit(1149015973.956:565): avc: denied { execute_no_trans } for pid=11101 comm="clamassassin" name="clamscan" dev=hdc7 ino=3123838 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:clamscan_exec_t:s0 tclass=file
type=AVC msg=audit(1149015973.956:565): avc: denied { read } for pid=11101 comm="clamassassin" name="clamscan" dev=hdc7 ino=3123838 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:clamscan_exec_t:s0 tclass=file
type=AVC msg=audit(1149015973.960:566): avc: denied { search } for pid=11101 comm="clamscan" name="clamav" dev=hdc5 ino=30881 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:clamd_var_lib_t:s0 tclass=dir
type=AVC msg=audit(1149015973.960:566): avc: denied { read } for pid=11101 comm="clamscan" name="daily.cvd" dev=hdc5 ino=29403 scontext=system_u:system_r:procmail_t:s0 tcontext=user_u:object_r:clamd_var_lib_t:s0 tclass=file
type=AVC msg=audit(1149015973.960:567): avc: denied { getattr } for pid=11101 comm="clamscan" name="daily.cvd" dev=hdc5 ino=29403 scontext=system_u:system_r:procmail_t:s0 tcontext=user_u:object_r:clamd_var_lib_t:s0 tclass=file
type=AVC msg=audit(1149015973.972:568): avc: denied { read } for pid=11105 comm="clamscan" name="clamav" dev=hdc5 ino=30881 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:clamd_var_lib_t:s0 tclass=dir
type=AVC msg=audit(1149015973.972:569): avc: denied { getattr } for pid=11105 comm="clamscan" name="clamav" dev=hdc5 ino=30881 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:clamd_var_lib_t:s0 tclass=dir
type=AVC msg=audit(1149015973.972:570): avc: denied { read } for pid=11105 comm="clamscan" name="main.cvd" dev=hdc5 ino=30890 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:clamd_var_lib_t:s0 tclass=file
type=AVC msg=audit(1149015973.972:571): avc: denied { getattr } for pid=11105 comm="clamscan" name="main.cvd" dev=hdc5 ino=30890 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:clamd_var_lib_t:s0 tclass=file
type=AVC msg=audit(1149015974.368:572): avc: denied { write } for pid=11105 comm="clamscan" name="main.ndb" dev=hdc6 ino=146248 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1149015974.368:573): avc: denied { read } for pid=11105 comm="clamscan" name="clamav-5f6ea15f5332ca86" dev=hdc6 ino=30 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1149015974.532:574): avc: denied { create } for pid=11105 comm="clamscan" name="main.zmd" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1149015974.532:575): avc: denied { getattr } for pid=11105 comm="clamscan" name="main.zmd" dev=hdc6 ino=146249 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1149015974.532:576): avc: denied { unlink } for pid=11105 comm="clamscan" name="clamav-5f6ea15f5332ca86" dev=hdc6 ino=30 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1149015974.992:577): avc: denied { search } for pid=11105 comm="clamscan" name="/" dev=hdc6 ino=2 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1149015975.444:578): avc: denied { read } for pid=11105 comm="clamscan" name="clamav-a0ba2088c392494c" dev=hdc6 ino=146243 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1149015975.444:579): avc: denied { setattr } for pid=11105 comm="clamscan" name="clamav-a0ba2088c392494c" dev=hdc6 ino=146243 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1149015975.444:580): avc: denied { write } for pid=11105 comm="clamscan" name="/" dev=hdc6 ino=2 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1149015975.444:580): avc: denied { remove_name } for pid=11105 comm="clamscan" name="clamav-a0ba2088c392494c" dev=hdc6 ino=146243 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1149015975.444:580): avc: denied { rmdir } for pid=11105 comm="clamscan" name="clamav-a0ba2088c392494c" dev=hdc6 ino=146243 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1149015975.452:581): avc: denied { add_name } for pid=11105 comm="clamscan" name="clamav-c8c20a1e39aef1bc" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1149015975.452:581): avc: denied { create } for pid=11105 comm="clamscan" name="clamav-c8c20a1e39aef1bc" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir

Here are some using grep 'postfix':

type=SYSCALL msg=audit(1149014661.600:328): arch=40000003 syscall=196 success=no exit=-2 a0=9769930 a1=bf8a4b80 a2=580ff4 a3=3 items=1 pid=8367 auid=500 uid=0 gid=0 euid=500 suid=0 fsuid=500 egid=500 sgid=0 fsgid=500 comm="local" exe="/usr/libexec/postfix/local"
type=CWD msg=audit(1149014661.600:328): cwd="/var/spool/postfix"
type=CWD msg=audit(1149014661.604:329): cwd="/var/spool/postfix"
type=CWD msg=audit(1149014661.604:330): cwd="/var/spool/postfix"
type=AVC msg=audit(1149014770.075:378): avc: denied { search } for pid=8646 comm="local" name="/" dev=dm-0 ino=2 scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir

Some using grep 'pyzor'. Note that neither 'razor' nor 'dcc' are showing
up curiously:

type=AVC_PATH msg=audit(1149015851.011:541): path="/home/marcs/.pyzor"
type=PATH msg=audit(1149015851.011:541): item=0 name="/home/marcs/.pyzor" flags=1 inode=427255 dev=fd:00 mode=040755 ouid=500 ogid=500 rdev=00:00
type=AVC msg=audit(1149015851.015:542): avc: denied { getattr } for pid=10802 comm="pyzor" name="servers" dev=dm-0 ino=427256 scontext=system_u:system_r:pyzor_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1149015851.015:542): arch=40000003 syscall=195 success=yes exit=0 a0=86c1fb0 a1=bf9b8da8 a2=4891eff4 a3=868e1b0 items=1 pid=10802 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 comm="pyzor" exe="/usr/bin/python"
type=AVC_PATH msg=audit(1149015851.015:542): path="/home/marcs/.pyzor/servers"
type=PATH msg=audit(1149015851.015:542): item=0 name="/home/marcs/.pyzor/servers" flags=1 inode=427256 dev=fd:00 mode=0100664 ouid=500 ogid=500 rdev=00:00
type=AVC msg=audit(1149015851.015:543): avc: denied { search } for pid=10802 comm="pyzor" name="marcs" dev=dm-0 ino=425153 scontext=system_u:system_r:pyzor_t:s0 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1149015851.015:543): avc: denied { read } for pid=10802 comm="pyzor" name="servers" dev=dm-0 ino=427256 scontext=system_u:system_r:pyzor_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1149015851.015:543): arch=40000003 syscall=5 success=yes exit=3 a0=87273d0 a1=8000 a2=1b6 a3=86e0b90 items=1 pid=10802 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 comm="pyzor" exe="/usr/bin/python"
type=PATH msg=audit(1149015851.015:543): item=0 name="/home/marcs/.pyzor/servers" flags=101 inode=427256 dev=fd:00 mode=0100664 ouid=500 ogid=500 rdev=00:00
type=AVC msg=audit(1149015851.027:544): avc: denied { search } for pid=10802 comm="pyzor" name="/" dev=hdc6 ino=2 scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1149015851.027:544): avc: denied { write } for pid=10802 comm="pyzor" name="/" dev=hdc6 ino=2 scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1149015851.027:544): avc: denied { add_name } for pid=10802 comm="pyzor" name="bBOXo3" scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1149015851.027:544): avc: denied { create } for pid=10802 comm="pyzor" name="bBOXo3" scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file

More with grep 'spamd':

type=AVC msg=audit(1149017045.372:768): avc: denied { search } for pid=1949 comm="spamd" name="/" dev=dm-0 ino=2 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=SYSCALL msg=audit(1149017045.372:768): arch=40000003 syscall=195 success=yes exit=0 a0=a3a19c0 a1=9ffa0c8 a2=4891eff4 a3=a3a19c0 items=1 pid=1949 auid=4294967295 uid=0 gid=0 euid=500 suid=0 fsuid=500 egid=500 sgid=0 fsgid=500 comm="spamd" exe="/usr/bin/perl"
type=PATH msg=audit(1149017045.372:768): item=0 name="/home/marcs/.spamassassin/user_prefs" flags=1 inode=1193881 dev=fd:00 mode=0100664 ouid=500 ogid=500 rdev=00:00
type=AVC msg=audit(1149017045.380:769): avc: denied { getattr } for pid=1949 comm="spamd" name="bayes_toks" dev=dm-0 ino=1193882 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=SYSCALL msg=audit(1149017045.380:769): arch=40000003 syscall=195 success=yes exit=0 a0=a3a19c0 a1=9ffa0c8 a2=4891eff4 a3=a3a19c0 items=1 pid=1949 auid=4294967295 uid=0 gid=0 euid=500 suid=0 fsuid=500 egid=500 sgid=0 fsgid=500 comm="spamd" exe="/usr/bin/perl"
type=AVC_PATH msg=audit(1149017045.380:769): path="/home/marcs/.spamassassin/bayes_toks"
type=PATH msg=audit(1149017045.380:769): item=0 name="/home/marcs/.spamassassin/bayes_toks" flags=1 inode=1193882 dev=fd:00 mode=0100600 ouid=500 ogid=500 rdev=00:00
type=AVC msg=audit(1149017045.380:770): avc: denied { read } for pid=1949 comm="spamd" name="bayes_toks" dev=dm-0 ino=1193882 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=SYSCALL msg=audit(1149017045.380:770): arch=40000003 syscall=5 success=yes exit=8 a0=b1db3b8 a1=8000 a2=0 a3=8000 items=1 pid=1949 auid=4294967295 uid=0 gid=0 euid=500 suid=0 fsuid=500 egid=500 sgid=0 fsgid=500 comm="spamd" exe="/usr/bin/perl"
type=PATH msg=audit(1149017045.380:770): item=0 name="/home/marcs/.spamassassin/bayes_toks" flags=101 inode=1193882 dev=fd:00 mode=0100600 ouid=500 ogid=500 rdev=00:00
type=AVC msg=audit(1149017047.188:771): avc: denied { append } for pid=1949 comm="spamd" name="bayes_journal" dev=dm-0 ino=2338489 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=SYSCALL msg=audit(1149017047.188:771): arch=40000003 syscall=5 success=yes exit=10 a0=b8211d8 a1=8441 a2=1b6 a3=8441 items=1 pid=1949 auid=4294967295 uid=0 gid=0 euid=500 suid=0 fsuid=500 egid=500 sgid=0 fsgid=500 comm="spamd" exe="/usr/bin/perl"
type=PATH msg=audit(1149017047.188:771): item=0 name="/home/marcs/.spamassassin/bayes_journal" flags=310 inode=1193874 dev=fd:00 mode=040755 ouid=500 ogid=500 rdev=00:00
type=AVC msg=audit(1149017047.188:772): avc: denied { ioctl } for pid=1949 comm="spamd" name="bayes_journal" dev=dm-0 ino=2338489 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=SYSCALL msg=audit(1149017047.188:772): arch=40000003 syscall=54 success=no exit=-25 a0=a a1=5401 a2=bf84f5d8 a3=bf84f618 items=0 pid=1949 auid=4294967295 uid=0 gid=0 euid=500 suid=0 fsuid=500 egid=500 sgid=0 fsgid=500 comm="spamd" exe="/usr/bin/perl"
type=AVC_PATH msg=audit(1149017047.188:772): path="/home/marcs/.spamassassin/bayes_journal"
type=AVC msg=audit(1149017047.828:791): avc: denied { write } for pid=1949 comm="spamd" name="bayes_toks" dev=dm-0 ino=1193882 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file

Finally with grep "clamassassin":

type=SYSCALL msg=audit(1149016209.330:652): arch=40000003 syscall=5 success=yes exit=3 a0=99e48c0 a1=8241 a2=1b6 a3=8241 items=1 pid=11646 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 comm="clamassassin" exe="/bin/bash"
type=PATH msg=audit(1149016209.330:652): item=0 name="/tmp/clamassassinmsg.jSBOI11644" flags=310 inode=2 dev=16:06 mode=041777 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1149016209.330:653): avc: denied { getattr } for pid=11646 comm="cat" name="clamassassinmsg.jSBOI11644" dev=hdc6 ino=28 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC_PATH msg=audit(1149016209.330:653): path="/tmp/clamassassinmsg.jSBOI11644"
type=AVC msg=audit(1149016209.334:654): avc: denied { execute } for pid=11647 comm="clamassassin" name="clamscan" dev=hdc7 ino=3123838 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:clamscan_exec_t:s0 tclass=file
type=AVC msg=audit(1149016209.334:654): avc: denied { execute_no_trans } for pid=11647 comm="clamassassin" name="clamscan" dev=hdc7 ino=3123838 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:clamscan_exec_t:s0 tclass=file
type=AVC msg=audit(1149016209.334:654): avc: denied { read } for pid=11647 comm="clamassassin" name="clamscan" dev=hdc7 ino=3123838 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:clamscan_exec_t:s0 tclass=file
type=AVC msg=audit(1149016209.346:657): avc: denied { read } for pid=11651 comm="clamassassin" name="clamassassinmsg.jSBOI11644" dev=hdc6 ino=28 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1149016209.346:657): arch=40000003 syscall=5 success=yes exit=3 a0=99e1190 a1=8000 a2=0 a3=8000 items=1 pid=11651 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 comm="clamassassin" exe="/bin/bash"
type=PATH msg=audit(1149016209.346:657): item=0 name="/tmp/clamassassinmsg.jSBOI11644" flags=101 inode=28 dev=16:06 mode=0100600 ouid=500 ogid=500 rdev=00:00
type=AVC msg=audit(1149017043.144:752): avc: denied { add_name } for pid=13192 comm="mktemp" name="clamassassinmsg.QRJvd13192" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1149017043.144:752): avc: denied { create } for pid=13192 comm="mktemp" name="clamassassinmsg.QRJvd13192" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=PATH msg=audit(1149017043.144:752): item=0 name="/tmp/clamassassinmsg.QRJvd13192" flags=310 inode=2 dev=16:06 mode=041777 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1149017043.152:753): avc: denied { write } for pid=13194 comm="clamassassin" name="clamassassinmsg.QRJvd13192" dev=hdc6 ino=28 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file

> > BTW, on a separate and possible SELinux related issue, I had noted that
> > the Evolution Data Server was crashing after I first installed FC5 with
> > SELinux enabled. For the time this morning that I had SELinux disabled,
> > I was not getting the crash. Didn't make the association initially, but
> > now that I have it re-enabled in Permissive Mode, it's crashing again.
> > No avc's in the log here either.
>
> Don't know what's happening with that. Having SELinux in permissive mode
> should behave almost identically to disabled mode really.

No avc's in /var/log/audit/audit.log, now that I am searching that.

Yeah, this is curious. I'll pay attention to it and post back with any
further data.

Thanks,

Marc

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
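
An added example, not part of the original post: a small Python parser that reduces audit.log lines like those above to one entry per (source type, target type, class) with the denied permissions merged, and lists the objects whose target type is file_t, the type given to files that carry no SELinux label. The sample records are copied from the post; the function names are this example's own.

```python
import re
from collections import defaultdict

# Sample input: five records copied from the audit.log excerpt in the post.
SAMPLE = """\
type=AVC msg=audit(1149015973.940:564): avc: denied { read } for pid=11095 comm="procmail" name=".procmailrc" dev=dm-0 ino=426353 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=PATH msg=audit(1149015973.940:564): item=0 name="/home/marcs/.procmailrc" flags=101 inode=426353 dev=fd:00 mode=0100664 ouid=500 ogid=500 rdev=00:00
type=AVC msg=audit(1149015973.956:565): avc: denied { execute } for pid=11101 comm="clamassassin" name="clamscan" dev=hdc7 ino=3123838 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:clamscan_exec_t:s0 tclass=file
type=AVC msg=audit(1149015973.956:565): avc: denied { execute_no_trans } for pid=11101 comm="clamassassin" name="clamscan" dev=hdc7 ino=3123838 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:clamscan_exec_t:s0 tclass=file
type=AVC msg=audit(1149017045.380:769): avc: denied { getattr } for pid=1949 comm="spamd" name="bayes_toks" dev=dm-0 ino=1193882 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r'^type=AVC msg=audit\([\d.]+:\d+\): avc:\s+denied\s+'
    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*?)\s*'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)

def se_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def parse_avcs(text):
    """Yield one dict per AVC denial; SYSCALL, PATH, AVC_PATH etc. are skipped."""
    for line in text.splitlines():
        m = AVC_RE.match(line.strip())
        if not m:
            continue
        name = re.search(r'name="([^"]*)"', m["fields"])
        yield {
            "perms": m["perms"].split(),
            "source": se_type(m["scontext"]),
            "target": se_type(m["tcontext"]),
            "tclass": m["tclass"],
            "name": name.group(1) if name else None,
        }

def summarize(text):
    """Map (source type, target type, class) to the sorted denied permissions."""
    grouped = defaultdict(set)
    for rec in parse_avcs(text):
        grouped[(rec["source"], rec["target"], rec["tclass"])].update(rec["perms"])
    return {key: sorted(perms) for key, perms in grouped.items()}

def unlabeled_targets(text):
    """Names of denied objects typed file_t, i.e. relabel candidates."""
    return sorted({r["name"] for r in parse_avcs(text) if r["target"] == "file_t"})

if __name__ == "__main__":
    for (src, tgt, cls), perms in sorted(summarize(SAMPLE).items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
    print("file_t objects:", unlabeled_targets(SAMPLE))
```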