Re: postfix, procmail and SELinux - No Go

On Tue, 2006-06-27 at 17:20 +0100, Paul Howarth wrote:

<snip>

The changes to the razor and pyzor locations have been made.

I did move .razor to /etc/mail/spamassassin/razor and I also moved pyzor
to /etc/mail/spamassassin/pyzor.

Note that in my prior reply, the paths that I listed
as /etc/spamassassin/...  should in fact be /etc/mail/spamassassin.  My
typos.

<snip of avc's and comments>

> Updated policy:

<snip of new policies>

# semodule -l
amavis  1.0.4
clamav  1.0.1
dcc     1.0.0
myclamav        0.1.3
mydcc   0.1.8
mypostfix       0.1.0
mypyzor 0.2.2
myspamassassin  0.1.1
procmail        0.5.4
pyzor   1.0.1
razor   1.0.0


type=AVC msg=audit(1151428802.918:884): avc:  denied  { use } for  pid=5062 comm="clamscan" name="[150534]" dev=pipefs ino=150534 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:system_r:procmail_t:s0 tclass=fd
type=SYSCALL msg=audit(1151428802.918:884): arch=40000003 syscall=11 success=yes exit=0 a0=9181c00 a1=9181210 a2=9181dd0 a3=9181d90 items=2 pid=5062 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0
type=AVC_PATH msg=audit(1151428802.918:884):  path="pipe:[150534]"
type=CWD msg=audit(1151428802.918:884):  cwd="/home/marcs"
type=PATH msg=audit(1151428802.918:884): item=0 name="/usr/bin/clamscan" inode=3123838 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:clamscan_exec_t:s0
type=PATH msg=audit(1151428802.918:884): item=1 name=(null) inode=754491 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0
type=AVC msg=audit(1151428805.919:885): avc:  denied  { create } for  pid=5084 comm="pyzor" scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:system_r:pyzor_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1151428805.919:885): arch=40000003 syscall=102 success=yes exit=3 a0=1 a1=bfeffef8 a2=4891eff4 a3=95fe1b0 items=0 pid=5084 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=SOCKETCALL msg=audit(1151428805.919:885): nargs=3 a0=10 a1=3 a2=0
type=AVC msg=audit(1151428805.923:886): avc:  denied  { bind } for  pid=5084 comm="pyzor" scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:system_r:pyzor_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1151428805.923:886): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfeffef8 a2=4891eff4 a3=3 items=0 pid=5084 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=SOCKADDR msg=audit(1151428805.923:886): saddr=100000000000000000000000
type=SOCKETCALL msg=audit(1151428805.923:886): nargs=3 a0=3 a1=bfefff04 a2=c
type=AVC msg=audit(1151428805.923:887): avc:  denied  { getattr } for  pid=5084 comm="pyzor" scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:system_r:pyzor_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1151428805.923:887): arch=40000003 syscall=102 success=yes exit=0 a0=6 a1=bfeffef8 a2=4891eff4 a3=3 items=0 pid=5084 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=SOCKADDR msg=audit(1151428805.923:887): saddr=10000000DC13000000000000
type=SOCKETCALL msg=audit(1151428805.923:887): nargs=3 a0=3 a1=bfefff04 a2=bfefff10
type=AVC msg=audit(1151428805.923:888): avc:  denied  { write } for  pid=5084 comm="pyzor" scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:system_r:pyzor_t:s0 tclass=netlink_route_socket
type=AVC msg=audit(1151428805.923:888): avc:  denied  { nlmsg_read } for  pid=5084 comm="pyzor" scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:system_r:pyzor_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1151428805.923:888): arch=40000003 syscall=102 success=yes exit=20 a0=b a1=bfefee44 a2=4891eff4 a3=ffffffcc items=0 pid=5084 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=SOCKADDR msg=audit(1151428805.923:888): saddr=100000000000000000000000
type=SOCKETCALL msg=audit(1151428805.923:888): nargs=6 a0=3 a1=bfeffebc a2=14 a3=0 a4=bfeffed0 a5=c
type=AVC msg=audit(1151428805.923:889): avc:  denied  { read } for  pid=5084 comm="pyzor" scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:system_r:pyzor_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1151428805.923:889): arch=40000003 syscall=102 success=yes exit=128 a0=11 a1=bfefee44 a2=4891eff4 a3=ffffffcc items=0 pid=5084 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=SOCKADDR msg=audit(1151428805.923:889): saddr=100000000000000000000000
type=SOCKETCALL msg=audit(1151428805.923:889): nargs=3 a0=3 a1=bfeffea0 a2=0
type=AVC msg=audit(1151428805.923:890): avc:  denied  { search } for  pid=5084 comm="pyzor" name="nscd" dev=dm-1 ino=87802 scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
type=SYSCALL msg=audit(1151428805.923:890): arch=40000003 syscall=102 success=no exit=-2 a0=3 a1=bfeffab4 a2=4891eff4 a3=48909fd4 items=0 pid=5084 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=SOCKADDR msg=audit(1151428805.923:890): saddr=01002F7661722F72756E2F6E7363642F736F636B657400D8CD0040F3CD00AC8BC9B718FBEFBF6B5AC300AC8BC9B780DBC7B71C2360094ACCC00020E0C9B7241F600900000000E4D8CD00AC8BC9B700000000F8FCEFBF7BC7C600AC8BC9B780DBC7B71C236009E4D8CD0001000000
type=SOCKETCALL msg=audit(1151428805.923:890): nargs=3 a0=3 a1=bfeffac6 a2=6e
type=AVC msg=audit(1151428805.923:891): avc:  denied  { name_connect } for  pid=5084 comm="pyzor" dest=80 scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1151428805.923:891): avc:  denied  { send_msg } for  pid=5084 comm="pyzor" saddr=192.168.0.64 src=40031 daddr=66.35.250.209 dest=80 netif=eth0 scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1151428806.007:892): avc:  denied  { recv_msg } for  pid=5078 comm="clamscan" saddr=66.35.250.209 src=80 daddr=192.168.0.64 dest=40031 netif=eth0 scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1151428805.923:891): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfeffe10 a2=2c9118 a3=b7ef3aa0 items=0 pid=5084 auid=4294967295 uid=500 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pyzor" exe="/usr/bin/python" subj=system_u:system_r:pyzor_t:s0
type=SOCKADDR msg=audit(1151428805.923:891): saddr=020000504223FAD10000000000000000
type=SOCKETCALL msg=audit(1151428805.923:891): nargs=3 a0=3 a1=b7ef3ab8 a2=10


One thing to note here. I am on the new kernel: 2.6.17-1.2139_FC5

There have been some flaky things going on with networking as you may
have noted on the general FC list, just in case any of that is relevant
here. I have not installed the new (updates testing) initscripts as of
yet, as I am still trying to get a sense of where things stand. I have
seen some issues with network configs and device labelling issues,
including wireless instability (using the bcm43xx driver) which was
working under the former kernel with ndiswrapper. FWIW.

Thanks,

Marc


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
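
Added example (not part of the original message or of any SELinux tool): a small Python triage script that groups AVC denials like the ones posted above by source type, target type and object class, and pairs each with the result of the SYSCALL record carrying the same audit serial. The function names are this example's own, and the sample records are abridged from the log in the message.

```python
import re
from collections import defaultdict

# Records abridged from the audit log in the message above (some fields trimmed).
SAMPLE = """\
type=AVC msg=audit(1151428805.919:885): avc:  denied  { create } for  pid=5084 comm="pyzor" scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:system_r:pyzor_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1151428805.919:885): arch=40000003 syscall=102 success=yes exit=3 pid=5084 comm="pyzor"
type=AVC msg=audit(1151428805.923:888): avc:  denied  { write } for  pid=5084 comm="pyzor" scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:system_r:pyzor_t:s0 tclass=netlink_route_socket
type=AVC msg=audit(1151428805.923:888): avc:  denied  { nlmsg_read } for  pid=5084 comm="pyzor" scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:system_r:pyzor_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1151428805.923:888): arch=40000003 syscall=102 success=yes exit=20 pid=5084 comm="pyzor"
type=AVC msg=audit(1151428805.923:890): avc:  denied  { search } for  pid=5084 comm="pyzor" name="nscd" scontext=system_u:system_r:pyzor_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
type=SYSCALL msg=audit(1151428805.923:890): arch=40000003 syscall=102 success=no exit=-2 pid=5084 comm="pyzor"
"""

AVC = re.compile(
    r"type=AVC msg=audit\([\d.]+:(?P<serial>\d+)\): avc:\s+denied\s+\{(?P<perms>[^}]*)\}"
    r".*?scontext=(?P<s>\S+) tcontext=(?P<t>\S+) tclass=(?P<cls>\S+)")
SYSCALL = re.compile(
    r"type=SYSCALL msg=audit\([\d.]+:(?P<serial>\d+)\):.*?\bsuccess=(?P<ok>\w+)")

def sel_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def summarize(log):
    """Collect denied permissions per (source, target, class) and syscall results per serial."""
    perms, serials, outcome = defaultdict(set), defaultdict(set), {}
    for line in log.splitlines():
        m = AVC.search(line)
        if m:
            key = (sel_type(m["s"]), sel_type(m["t"]), m["cls"])
            perms[key].update(m["perms"].split())
            serials[key].add(m["serial"])
            continue
        m = SYSCALL.search(line)
        if m:
            outcome[m["serial"]] = m["ok"]
    return perms, serials, outcome

def render(log):
    """One allow-rule-shaped line per group, for review rather than for loading as policy."""
    perms, serials, outcome = summarize(log)
    lines = []
    for (src, tgt, cls) in sorted(perms):
        target = "self" if src == tgt else tgt
        seen = sorted({outcome.get(s, "unknown") for s in serials[(src, tgt, cls)]})
        plist = " ".join(sorted(perms[(src, tgt, cls)]))
        lines.append(f"allow {src} {target}:{cls} {{ {plist} }}; # syscall success={','.join(seen)}")
    return lines

if __name__ == "__main__":
    print("\n".join(render(SAMPLE)))
```

The trailing comment on each line shows whether the system call went through despite the logged denial, which is worth checking before deciding that a rule is actually needed.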
