Re: Avcs for spamc

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/16/2013 11:30 PM, David Highley wrote:
> The avcs listed below seem to have been around for a long time. Is pyzor 
> really trying to run rpm to install something?
> 
> type=SYSCALL msg=audit(1376212087.230:525): arch=c000003e syscall=4 
> success=no e xit=-13 a0=24121b0 a1=7fff9e82e820 a2=7fff9e82e820
> a3=7f889c8a35d0 items=0 ppid=9709 pid=9710 auid=4294967295 uid=0 gid=0
> euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none)
> comm="pyzor" exe="/usr/bin/python2.7" subj=system_u:system_r:spamc_t:s0
> key=(null) type=AVC msg=audit(1376212087.230:525): avc:  denied  { getattr
> } for pid=9710 comm="pyzor" path="/usr/bin/rpm" dev="dm-1" ino=691636 
> scontext=system_u:system_r:spamc_t:s0 
> tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file type=SYSCALL
> msg=audit(1376217670.157:605): arch=c000003e syscall=4 success=no exit=-13
> a0=1b511b0 a1=7fffab9ca4a0 a2=7fffab9ca4a0 a3=7fafd093b5d0 items=0
> ppid=10665 pid=12274 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="pyzor"
> exe="/usr/bin/python2.7" subj=system_u:system_r:spamc_t:s0 key=(null) 
> type=AVC msg=audit(1376217670.157:605): avc:  denied  { getattr } for 
> pid=12274 comm="pyzor" path="/usr/bin/rpm" dev="dm-1" ino=691636 
> scontext=system_u:system_r:spamc_t:s0 
> tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file type=SYSCALL
> msg=audit(1376218163.947:614): arch=c000003e syscall=4 success=no exit=-13
> a0=1d191b0 a1=7fff04d2fd70 a2=7fff04d2fd70 a3=35101c15d0 items=0 ppid=24224
> pid=24226 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> fsgid=0 ses=4294967295 tty=(none) comm="pyzor" exe="/usr/bin/python2.7"
> subj=system_u:system_r:spamc_t:s0 key=(null) type=AVC
> msg=audit(1376218163.947:614): avc:  denied  { getattr } for pid=24226
> comm="pyzor" path="/usr/bin/rpm" dev="dm-1" ino=9914 
> scontext=system_u:system_r:spamc_t:s0 
> tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file -- selinux mailing
> list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 
Is spamc going to execute the rpm program?  If so for what?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlI4Uc0ACgkQrlYvE4MpobPMVgCfTB5lmDETfEdCHfj5MINWl5sM
A/IAnihe/MhM9X+8W5lqSWYLHPaapYCU
=E5Yu
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux