Re: Avcs for spamc

David Highley <dhighley@xxxxxxxxxxxxxxxxxxxxxxx> · Tue, 17 Sep 2013 06:14:22 -0700 (PDT)

"Daniel J Walsh wrote:"
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 09/16/2013 11:30 PM, David Highley wrote:
> > The avcs listed below seem to have been around for a long time. Is pyzor 
> > really trying to run rpm to install something?
> > 
> > type=SYSCALL msg=audit(1376212087.230:525): arch=c000003e syscall=4 
> > success=no e xit=-13 a0=24121b0 a1=7fff9e82e820 a2=7fff9e82e820
> > a3=7f889c8a35d0 items=0 ppid=9709 pid=9710 auid=4294967295 uid=0 gid=0
> > euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none)
> > comm="pyzor" exe="/usr/bin/python2.7" subj=system_u:system_r:spamc_t:s0
> > key=(null) type=AVC msg=audit(1376212087.230:525): avc:  denied  { getattr
> > } for pid=9710 comm="pyzor" path="/usr/bin/rpm" dev="dm-1" ino=691636 
> > scontext=system_u:system_r:spamc_t:s0 
> > tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file type=SYSCALL
> > msg=audit(1376217670.157:605): arch=c000003e syscall=4 success=no exit=-13
> > a0=1b511b0 a1=7fffab9ca4a0 a2=7fffab9ca4a0 a3=7fafd093b5d0 items=0
> > ppid=10665 pid=12274 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> > egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="pyzor"
> > exe="/usr/bin/python2.7" subj=system_u:system_r:spamc_t:s0 key=(null) 
> > type=AVC msg=audit(1376217670.157:605): avc:  denied  { getattr } for 
> > pid=12274 comm="pyzor" path="/usr/bin/rpm" dev="dm-1" ino=691636 
> > scontext=system_u:system_r:spamc_t:s0 
> > tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file type=SYSCALL
> > msg=audit(1376218163.947:614): arch=c000003e syscall=4 success=no exit=-13
> > a0=1d191b0 a1=7fff04d2fd70 a2=7fff04d2fd70 a3=35101c15d0 items=0 ppid=24224
> > pid=24226 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> > fsgid=0 ses=4294967295 tty=(none) comm="pyzor" exe="/usr/bin/python2.7"
> > subj=system_u:system_r:spamc_t:s0 key=(null) type=AVC
> > msg=audit(1376218163.947:614): avc:  denied  { getattr } for pid=24226
> > comm="pyzor" path="/usr/bin/rpm" dev="dm-1" ino=9914 
> > scontext=system_u:system_r:spamc_t:s0 
> > tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file -- selinux mailing
> > list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
> > https://admin.fedoraproject.org/mailman/listinfo/selinux
> > 
> Is spamc going to execute the rpm program?  If so for what?

Looked like it might be the pyzor plugin to spamassassin that appears to
want to run rpm. Maybe we should contact the package maintainer.

> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.14 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> 
> iEYEARECAAYFAlI4Uc0ACgkQrlYvE4MpobPMVgCfTB5lmDETfEdCHfj5MINWl5sM
> A/IAnihe/MhM9X+8W5lqSWYLHPaapYCU
> =E5Yu
> -----END PGP SIGNATURE-----
> 
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux