Strange Mailman/Sendmail Audit messages in Fedora-10?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hey,

I'm working on getting a new Fedora-10 server up and running.  I've
set up mailman and have lists configured.  Mail even seems to be
flowing, but for some reason I'm getting a strange audit message on
each incoming message.  I find it interesting that there are three
unix_socket AVCs and I have three milters connected to sendmail.

The settroubleshoot viewer gives me the following information.

I'm hoping someone could help me understand these log messages,
and maybe help me make them go away?

Thanks,

-derek


Summary

SELinux is preventing mailman (mailman_mail_t) "read write" sendmail_t.

Detailed Description

SELinux denied access requested by mailman. It is not expected that this access is required by mailman and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. 

Allowing Access

You can generate a local policy module to allow this access - see FAQ
Or you can disable SELinux protection altogether. Disabling SELinux
protection is not recommended. Please file a bug report against this
package.

Additional Information
Source Context:  system_u:system_r:mailman_mail_t:s0
Target Context:  system_u:system_r:sendmail_t:s0
Target Objects:  socket [ unix_stream_socket ]
Source:  mailman
Source Path:  /usr/lib/mailman/mail/mailman
Port:  <Unknown>
Host:  <redacted>
Source RPM Packages:  mailman-2.1.11-3.fc10
Target RPM Packages:  
Policy RPM:  selinux-policy-3.5.13-41.fc10
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  catchall
Host Name:  code.gnucash.org
Platform:  Linux code.gnucash.org 2.6.27.12-170.2.5.fc10.i686 #1 SMP Wed Jan 21 02:09:37 EST 2009 i686 athlon
Alert Count:  1
First Seen:  Sun 08 Feb 2009 11:28:40 AM EST
Last Seen:  Sun 08 Feb 2009 03:04:01 PM EST
Local ID:  606e93dc-55fc-4454-acfa-1081a87deb63
Line Numbers:  

Raw Audit Messages :

node=code.gnucash.org type=AVC msg=audit(1234123441.829:421): avc:
denied { read write } for pid=17455 comm="mailman"
path="socket:[105075]" dev=sockfs ino=105075
scontext=system_u:system_r:mailman_mail_t:s0
tcontext=system_u:system_r:sendmail_t:s0 tclass=unix_stream_socket

node=code.gnucash.org type=AVC msg=audit(1234123441.829:421): avc:
denied { read write } for pid=17455 comm="mailman"
path="socket:[105077]" dev=sockfs ino=105077
scontext=system_u:system_r:mailman_mail_t:s0
tcontext=system_u:system_r:sendmail_t:s0 tclass=unix_stream_socket

node=code.gnucash.org type=AVC msg=audit(1234123441.829:421): avc:
denied { read write } for pid=17455 comm="mailman"
path="socket:[105079]" dev=sockfs ino=105079
scontext=system_u:system_r:mailman_mail_t:s0
tcontext=system_u:system_r:sendmail_t:s0 tclass=unix_stream_socket

node=code.gnucash.org type=SYSCALL msg=audit(1234123441.829:421):
arch=40000003 syscall=11 success=yes exit=0 a0=8d42e38 a1=8d42f20
a2=8d42508 a3=0 items=0 ppid=17454 pid=17455 auid=4294967295 uid=8
gid=12 euid=8 suid=8 fsuid=8 egid=41 sgid=41 fsgid=41 tty=(none)
ses=4294967295 comm="mailman" exe="/usr/lib/mailman/mail/mailman"
subj=system_u:system_r:mailman_mail_t:s0 key=(null)

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@xxxxxxx                        PGP key available

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux