On Wed, 23 Sep 2009 07:57:03 -0700
Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> On 09/23/2009 07:47 AM, John Griffiths wrote:
> > 2) SELinux is preventing sendmail (system_mail_t) "read" to
> > /usr/share/GeoIP/GeoIP.dat (usr_t).
> >
> > Raw Audit Messages :
> >
> > node=elijah.suretrak21.net type=AVC
> > msg=audit(1253643380.763:60806): avc: denied { read } for pid=1311
> > comm="sendmail" path="/usr/share/GeoIP/GeoIP.dat" dev=dm-0
> > ino=663651 scontext=system_u:system_r:system_mail_t:s0
> > tcontext=system_u:object_r:usr_t:s0 tclass=file
> >
> > node=elijah.suretrak21.net type=SYSCALL
> > msg=audit(1253643380.763:60806): arch=40000003 syscall=11
> > success=yes exit=0 a0=9ad05d0 a1=9acfd18 a2=9acfb08 a3=0 items=0
> > ppid=14784 pid=1311 auid=4294967295 uid=48 gid=48 euid=48 suid=48
> > fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295
> > comm="sendmail" exe="/usr/sbin/sendmail.postfix"
> > subj=system_u:system_r:system_mail_t:s0 key=(null)
> >
> This one looks like a leak unless something is actually trying to
> mail /usr/share/GeoIP/GeoIP.dat
Are you using milter-greylist by any chance?
Paul.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
