Re: Strange Mailman/Sendmail Audit messages in Fedora-10?

Derek Atkins wrote:
Hey,

I'm working on getting a new Fedora-10 server up and running.  I've
set up mailman and have lists configured.  Mail even seems to be
flowing, but for some reason I'm getting a strange audit message on
each incoming message.  I find it interesting that there are three
unix_socket AVCs and I have three milters connected to sendmail.

The setroubleshoot viewer gives me the following information.

I'm hoping someone could help me understand these log messages,
and maybe help me make them go away?

Thanks,

-derek


Summary

SELinux is preventing mailman (mailman_mail_t) "read write" sendmail_t.

Detailed Description

SELinux denied access requested by mailman. It is not expected that this access is required by mailman and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access

You can generate a local policy module to allow this access - see FAQ
Or you can disable SELinux protection altogether. Disabling SELinux
protection is not recommended. Please file a bug report against this
package.

Additional Information
Source Context:  system_u:system_r:mailman_mail_t:s0
Target Context:  system_u:system_r:sendmail_t:s0
Target Objects:  socket [ unix_stream_socket ]
Source:  mailman
Source Path:  /usr/lib/mailman/mail/mailman
Port:  <Unknown>
Host:  <redacted>
Source RPM Packages:  mailman-2.1.11-3.fc10
Target RPM Packages:
Policy RPM:  selinux-policy-3.5.13-41.fc10
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  catchall
Host Name:  code.gnucash.org
Platform:  Linux code.gnucash.org 2.6.27.12-170.2.5.fc10.i686 #1 SMP Wed Jan 21 02:09:37 EST 2009 i686 athlon
Alert Count:  1
First Seen:  Sun 08 Feb 2009 11:28:40 AM EST
Last Seen:  Sun 08 Feb 2009 03:04:01 PM EST
Local ID:  606e93dc-55fc-4454-acfa-1081a87deb63
Line Numbers:
Raw Audit Messages :

node=code.gnucash.org type=AVC msg=audit(1234123441.829:421): avc:
denied { read write } for pid=17455 comm="mailman"
path="socket:[105075]" dev=sockfs ino=105075
scontext=system_u:system_r:mailman_mail_t:s0
tcontext=system_u:system_r:sendmail_t:s0 tclass=unix_stream_socket

node=code.gnucash.org type=AVC msg=audit(1234123441.829:421): avc:
denied { read write } for pid=17455 comm="mailman"
path="socket:[105077]" dev=sockfs ino=105077
scontext=system_u:system_r:mailman_mail_t:s0
tcontext=system_u:system_r:sendmail_t:s0 tclass=unix_stream_socket

node=code.gnucash.org type=AVC msg=audit(1234123441.829:421): avc:
denied { read write } for pid=17455 comm="mailman"
path="socket:[105079]" dev=sockfs ino=105079
scontext=system_u:system_r:mailman_mail_t:s0
tcontext=system_u:system_r:sendmail_t:s0 tclass=unix_stream_socket

node=code.gnucash.org type=SYSCALL msg=audit(1234123441.829:421):
arch=40000003 syscall=11 success=yes exit=0 a0=8d42e38 a1=8d42f20
a2=8d42508 a3=0 items=0 ppid=17454 pid=17455 auid=4294967295 uid=8
gid=12 euid=8 suid=8 fsuid=8 egid=41 sgid=41 fsgid=41 tty=(none)
ses=4294967295 comm="mailman" exe="/usr/lib/mailman/mail/mailman"
subj=system_u:system_r:mailman_mail_t:s0 key=(null)

Do your milters exec other programs? There are a couple of sockets involved in the milter process (one in libmilter that shows up in the milter process itself, and one at the other end of the connection in sendmail) that don't have close-on-exec set, so their descriptors leak when they exec other programs, and that looks like what you're seeing here. I've submitted patches against 8.14.3 upstream many months ago but there hasn't been a new release since.

In the meantime, I expect you can safely dontaudit these.

Paul.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
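
The descriptor leak described in the reply above can be reproduced in isolation. The following is an added example, not part of the original thread and not sendmail or libmilter code: it opens a UNIX stream socket, execs a program with and without FD_CLOEXEC set, and reports whether the socket is still open afterwards. The function names, the use of /bin/sh as the exec'd program, and descriptor number 9 are assumptions made for the demonstration.

```c
#include <fcntl.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define PROBE_FD 9  /* arbitrary slot for the demo; matches "<&9" below */

/* Set close-on-exec while preserving any other descriptor flags. */
static int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags == -1 ? -1 : fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Returns 1 if a UNIX stream socket opened before exec() is still open in
 * the exec'd program, 0 if it was closed at exec, -1 on setup failure. */
int socket_leaks_across_exec(int use_cloexec)
{
    int sv[2], status;
    pid_t pid;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
        return -1;
    pid = fork();
    if (pid == 0) {
        /* Child: park one end on PROBE_FD (dup2 clears FD_CLOEXEC). */
        if (sv[0] != PROBE_FD && dup2(sv[0], PROBE_FD) == -1)
            _exit(127);
        if (use_cloexec && set_cloexec(PROBE_FD) == -1)
            _exit(127);
        /* The shell stands in for the exec'd program; ": <&9" fails if fd 9 is closed. */
        execl("/bin/sh", "sh", "-c", "exec 2>/dev/null; : <&9", (char *)NULL);
        _exit(127);
    }
    close(sv[0]);
    close(sv[1]);
    if (pid == -1 || waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    if (WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    /* 0 = flag unset (descriptor leaks), 1 = flag set (closed at exec). */
    return !(socket_leaks_across_exec(0) == 1 &&
             socket_leaks_across_exec(1) == 0);
}
```

Under SELinux, the inherited descriptor in the first case is what the exec'd domain is checked against at exec time, which matches the AVC records being attached to a syscall=11 (execve on i386) event in the audit output above.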