Daniel J Walsh escreveu:type=AVC msg=audit(1183036604.813:648): avc: denied { read write } for pid=16This looks potentially like a leaked file descriptor? Or is sendmail reading and writing to a unix_stream_socket created by the bugzilla cgi? I haven't reproduced the other AVC messages yet, but the above happens when Bugzilla is sending mail after a bug changed. This is what audit.log gives in permissive mode. type=AVC msg=audit(1183544590.817:4170): avc: denied { read write } for pid=23730 comm="sendmail" name="[517705]" dev=sockfs ino=517705 scontext=root:system_r:system_mail_t:s0 tcontext=root:system_r:httpd_bugzilla_script_t:s0 tclass=unix_stream_socket type=SYSCALL msg=audit(1183544590.817:4170): arch=40000003 syscall=11 success=yes exit=0 a0=a179ab0 a1=a179a38 a2=916f240 a3=915c008 items=0 ppid=23727 pid=23730 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) comm="sendmail" exe="/usr/sbin/sendmail.postfix" subj=root:system_r:system_mail_t:s0 key=(null) type=AVC_PATH msg=audit(1183544590.817:4170): path="socket:[517705]" type=AVC msg=audit(1183544591.317:4171): avc: denied { getattr } for pid=23731 comm="postdrop" name="[517696]" dev=pipefs ino=517696 scontext=root:system_r:postfix_postdrop_t:s0 tcontext=root:system_r:httpd_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1183544591.317:4171): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bfa66af0 a2=840ff4 a3=3 items=0 ppid=23730 pid=23731 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=90 sgid=90 fsgid=90 tty=(none) comm="postdrop" exe="/usr/sbin/postdrop" subj=root:system_r:postfix_postdrop_t:s0 key=(null) type=AVC_PATH msg=audit(1183544591.317:4171): path="pipe:[517696]" --
Pedro Silva |
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list