Hi,
Paul Howarth <paul@xxxxxxxxxxxx> writes:
[snip]
> Do your milters exec other programs? There are a couple of sockets
I don't think so, but I don't know. I'm using clamav-milter,
spamass-milter, and milter-sender. I'm pretty sure that the
latter doesn't fork/exec. I don't know about clamav or spamass.
> involved in the milter process (one in libmilter that shows up in the
> milter process itself, and one at the other end of the connection in
> sendmail) that don't have close-on-exec set, so their descriptors leak
> when they exec other programs, and that looks like what you're seeing
> here. I've submitted patches against 8.14.3 upstream many months ago
> but there hasn't been a new release since.
>
> In the meantime, I expect you can safely dontaudit these.
Okay, how would I do that?
> Paul.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@xxxxxxx PGP key available
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
