Re: Bugzilla's AVC: denied

[Daniel J Walsh <dwalsh@xxxxxxxxxx>]

Pedro Silva wrote:
> Daniel J Walsh escreveu:
>
> > > type=AVC msg=audit(1183036604.813:648): avc:  denied  { read write } 
> > > for  pid=16
> > > 313 comm="sendmail" name="[335348]" dev=sockfs ino=335348 
> > > scontext=root:system_r
> > > :system_mail_t:s0 tcontext=root:system_r:httpd_bugzilla_script_t:s0 
> > > tclass=unix_
> > > stream_socket
> > This looks potentially like a leaked file descriptor?  Or is sendmail 
> > reading and writing to a  unix_stream_socket created by the bugzilla 
> > cgi?
> >
> > Could you run this in permissive mode to gather all of the avc messages.
>
> I haven't reproduced the other AVC messages yet, but the above happens 
> when Bugzilla is sending mail after a bug changed.
> This is what audit.log gives in permissive mode.
>
> type=AVC msg=audit(1183544590.817:4170): avc:  denied  { read write } 
> for  pid=23730 comm="sendmail" name="[517705]" dev=sockfs ino=517705 
> scontext=root:system_r:system_mail_t:s0 
> tcontext=root:system_r:httpd_bugzilla_script_t:s0 
> tclass=unix_stream_socket
>
> type=SYSCALL msg=audit(1183544590.817:4170): arch=40000003 syscall=11 
> success=yes exit=0 a0=a179ab0 a1=a179a38 a2=916f240 a3=915c008 items=0 
> ppid=23727 pid=23730 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 
> egid=48 sgid=48 fsgid=48 tty=(none) comm="sendmail" 
> exe="/usr/sbin/sendmail.postfix" subj=root:system_r:system_mail_t:s0 
> key=(null)
>
> type=AVC_PATH msg=audit(1183544590.817:4170):  path="socket:[517705]"
>
> type=AVC msg=audit(1183544591.317:4171): avc:  denied  { getattr } 
> for  pid=23731 comm="postdrop" name="[517696]" dev=pipefs ino=517696 
> scontext=root:system_r:postfix_postdrop_t:s0 
> tcontext=root:system_r:httpd_t:s0 tclass=fifo_file
>
> type=SYSCALL msg=audit(1183544591.317:4171): arch=40000003 syscall=197 
> success=yes exit=0 a0=2 a1=bfa66af0 a2=840ff4 a3=3 items=0 ppid=23730 
> pid=23731 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=90 
> sgid=90 fsgid=90 tty=(none) comm="postdrop" exe="/usr/sbin/postdrop" 
> subj=root:system_r:postfix_postdrop_t:s0 key=(null)
>
> type=AVC_PATH msg=audit(1183544591.317:4171):  path="pipe:[517696]"
Ok I will dontaudit in the next release "2.6.4-27"

> --
>
> CERTISIGN <http://www.certisign.com.br/>**Pedro Silva**
> Especialista de Desenvolvimento
> (21) 4501 1026
>
> Certisign Certificadora Digital
> certisign.com.br <http://www.certisign.com.br/>

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list