-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/17/2013 09:14 AM, David Highley wrote:
> "Daniel J Walsh wrote:"
>>
> On 09/16/2013 11:30 PM, David Highley wrote:
>>>> The avcs listed below seem to have been around for a long time. Is
>>>> pyzor really trying to run rpm to install something?
>>>>
>>>> type=SYSCALL msg=audit(1376212087.230:525): arch=c000003e syscall=4
>>>> success=no e xit=-13 a0=24121b0 a1=7fff9e82e820 a2=7fff9e82e820
>>>> a3=7f889c8a35d0 items=0 ppid=9709 pid=9710 auid=4294967295 uid=0
>>>> gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295
>>>> tty=(none) comm="pyzor" exe="/usr/bin/python2.7"
>>>> subj=system_u:system_r:spamc_t:s0 key=(null) type=AVC
>>>> msg=audit(1376212087.230:525): avc: denied { getattr } for pid=9710
>>>> comm="pyzor" path="/usr/bin/rpm" dev="dm-1" ino=691636
>>>> scontext=system_u:system_r:spamc_t:s0
>>>> tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file type=SYSCALL
>>>> msg=audit(1376217670.157:605): arch=c000003e syscall=4 success=no
>>>> exit=-13 a0=1b511b0 a1=7fffab9ca4a0 a2=7fffab9ca4a0 a3=7fafd093b5d0
>>>> items=0 ppid=10665 pid=12274 auid=4294967295 uid=0 gid=0 euid=0
>>>> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none)
>>>> comm="pyzor" exe="/usr/bin/python2.7"
>>>> subj=system_u:system_r:spamc_t:s0 key=(null) type=AVC
>>>> msg=audit(1376217670.157:605): avc: denied { getattr } for
>>>> pid=12274 comm="pyzor" path="/usr/bin/rpm" dev="dm-1" ino=691636
>>>> scontext=system_u:system_r:spamc_t:s0
>>>> tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file type=SYSCALL
>>>> msg=audit(1376218163.947:614): arch=c000003e syscall=4 success=no
>>>> exit=-13 a0=1d191b0 a1=7fff04d2fd70 a2=7fff04d2fd70 a3=35101c15d0
>>>> items=0 ppid=24224 pid=24226 auid=4294967295 uid=0 gid=0 euid=0
>>>> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none)
>>>> comm="pyzor" exe="/usr/bin/python2.7"
>>>> subj=system_u:system_r:spamc_t:s0 key=(null) type=AVC
>>>> msg=audit(1376218163.947:614): avc: denied { getattr } for
>>>> pid=24226 comm="pyzor" path="/usr/bin/rpm" dev="dm-1" ino=9914
>>>> scontext=system_u:system_r:spamc_t:s0
>>>> tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file -- selinux
>>>> mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx
>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>>
> Is spamc going to execute the rpm program? If so for what?
>
>> Looked like it might be the pyzor plugin to spamassassin that appears to
>> want to run rpm. Maybe we should contact the package maintainer.
>
>>
> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
Sounds good, why not open a bugzilla and we can take care of it there. If all
it is doing is getting a listing of packages installed, we can probably add
that access.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlI4dLYACgkQrlYvE4MpobNg8wCgkSqBTtwooO81WqVRGIdY6eZa
5OYAn2EIuZwKfNm1MV+EYbXZnpdYr0Cf
=UBHV
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
