-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Daniel J Walsh wrote: > Derek Atkins wrote: >> Paul, > >> Quoting Paul Howarth <paul@xxxxxxxxxxxx>: > >>>> [snip] >>>>> Do your milters exec other programs? There are a couple of sockets >>>> I don't think so, but I don't know. I'm using clamav-milter, >>>> spamass-milter, and milter-sender. I'm pretty sure that the >>>> latter doesn't fork/exec. I don't know about clamav or spamass. >>> spamass-milter forks and execs sendmail to deliver spam if you use the >>> "-b" option - that's how I discovered the problem. >> Thanks. But I'm not using the -b option. It's run with: > >> -p /path/to/sock -P /path/to/pid -m -r 5 -i ... > >>> The audit log entries you posted suggest that mailman inherited a >>> socket descriptor from sendmail. >> I believe that.. Yet it doesn't look like it actually stopped anything >> from happening.. The mail seemed to flow okay. But it would be >> nice to fix this. I don't like getting audit warnings. Maybe sendmail >> is leaking fds as you suggest? Should I file a bug with fedora >> about this? > >> [snip] >>>> Okay, how would I do that? >>> You'll need to create a local policy module. I'd do it this way: >>> >> [instructions snipped] > >> Thanks, Paul. I'll consider doing this. > >> Is there any easy way to figure out what's connected to the sockets >> that it's complaining about? I certainly can't find anything via >> lsof or netstat -a. Most likely because the sockets get closed >> before I see the audit message and try to track it down. > >>> Cheers, Paul. >> And to you! Thanks. > >> -derek > > Yes any leaked file descriptors should be reported. Actually Paul's response is better then mine. - -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkmRjPMACgkQrlYvE4MpobPRbgCfSrn+ZRBBFWYlLZYlUy4wD5w3 bwwAnRA/WWkXDY6eH2eTAz9Ug6J7Hcto =Ue3T -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
