-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/17/2010 07:30 PM, Daniel B. Thurman wrote:
>
> Every once in awhile I get these spurious message, high CPU usage,
> repeated denials > 512 times and then it quits. I do not have ypbind,
> nis, nor nfs installed. I even tried /.autorelabel and same issue comes
> up. I do have spamassassin installed though.
>
> So how do I resolve this?
>
> ===================================================
> Summary:
>
> SELinux is preventing /usr/bin/perl from binding to port 32726.
>
> Detailed Description:
>
> SELinux has denied the spamassassin from binding to a network port 32726
> which
> does not have an SELinux type associated with it. If spamassassin should be
> allowed to listen on 32726, use the semanage command to assign 32726 to
> a port
> type that spamc_t can bind to ().
> If spamassassin is not supposed to bind to 32726, this could signal an
> intrusion
> attempt.
>
> Allowing Access:
>
> If you want to allow spamassassin to bind to port 32726, you can execute
> # semanage port -a -t PORT_TYPE -p udp 32726
> where PORT_TYPE is one of the following: .
> If this system is running as an NIS Client, turning on the allow_ypbind
> boolean
> may fix the problem. setsebool -P allow_ypbind=1.
>
> Additional Information:
>
> Source Context system_u:system_r:spamc_t:s0
> Target Context system_u:object_r:port_t:s0
> Target Objects None [ udp_socket ]
> Source spamassassin
> Source Path /usr/bin/perl
> Port 32726
> Host (removed)
> Source RPM Packages perl-5.10.1-116.fc13
> Target RPM Packages
> Policy RPM selinux-policy-3.7.19-44.fc13
> Selinux Enabled True
> Policy Type targeted
> Enforcing Mode Enforcing
> Plugin Name bind_ports
> Host Name (removed)
> Platform Linux (removed) 2.6.33.6-147.2.4.fc13.i686 #1
> SMP Fri Jul 23 17:27:40 UTC 2010 i686 i686
> Alert Count 512
> First Seen Tue 17 Aug 2010 02:00:10 PM PDT
> Last Seen Tue 17 Aug 2010 04:05:25 PM PDT
> Local ID 280d928d-03f6-42c5-99f8-eb23cb24a236
> Line Numbers
>
> Raw Audit Messages
>
> node=(removed) type=AVC msg=audit(1282086325.907:81309): avc: denied {
> name_bind } for pid=23536 comm="spamassassin" src=32726
> scontext=system_u:system_r:spamc_t:s0
> tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
>
> node=(removed) type=SYSCALL msg=audit(1282086325.907:81309):
> arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bfae7100
> a2=654b4d4 a3=9fd1008 items=0 ppid=23535 pid=23536 auid=4294967295
> uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
> tty=(none) ses=4294967295 comm="spamassassin" exe="/usr/bin/perl"
> subj=system_u:system_r:spamc_t:s0 key=(null)
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
Why does spamassassin bind to a udb port?
You can add this for now using
# grep spam /var/log/audit/audit.log | audit2allow -M myspam
# semodule -i myspam.pp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkxr4dMACgkQrlYvE4MpobM6lgCff30TOyTnqljc5Mf/V8nhIr4G
jiAAn2zfSrK6PP3J7lRHKYj5rSmqzS2F
=2FRu
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
