Spamassassin emails have wrong perms -- CC'ed to selinux list
Paul Howarth
paul at city-fan.org
Mon Jan 30 07:53:19 UTC 2006
On Sun, 2006-01-29 at 22:52 -0600, Justin Willmert wrote:
> Ivan Gyurdiev wrote:
> >
> >> I'm cc-ing this to the fedora-selinux-list. I think some of the
> >> problems may be applicable there.
> >>
> >> OK, after some more testing, when I disable SELinux, many of the
> >> errors go away. First of all, I get rid of the error message saying
> >> user can not be found and with it the 'still running as root' error.
> >> Second, it is able to access the bayes_journal file (as long as
> >> normal unix permissions are right, which I've figured out). So I
> >> guess the problem is an SELinux issue which I can't solve. I'd attach
> >> some avc error messages, but I can't seem to find any. I've looked in
> >> maillog, secure, and messages, but nothing.
> > Have you looked in the audit log, where all such messages are usually
> > found ?
> > /var/log/audit.log
> >
> Below is what showed up in audit/audit.log when I sent a message through
> spamassassin. I'm _*really*_ rusty on SELinux...it's the one thing I
> have to deal with quite often that I haven't been able to learn how to
> use...it's so foreign to me. I've never looked in audit.log before: the
> avc messages used to show up in messages, but now as far back as my logs
> go, I don't have a single avc message. This all looks like jibberish to
> me, so I need your guy's help.
>
> Thanks,
> Justin
>
> type=AVC msg=audit(1138596151.681:104174): avc: denied {
> name_connect } for pid=23796 comm="spamd" dest=389
> scontext=root:system_r:spamd_t
> tcontext=system_u:object_r:ldap_port_t tclass=tcp_socket
> type=SYSCALL msg=audit(1138596151.681:104174): arch=40000003
> syscall=102 success=no exit=-13 a0=3 a1=bfb2dc20 a2=1229cb8 a3=7
> items=0 pid=23796 auid=600 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 comm="spamd" exe="/usr/bin/perl"
> type=SOCKADDR msg=audit(1138596151.681:104174):
> saddr=02000185C0A801940000000000000000
> type=SOCKETCALL msg=audit(1138596151.681:104174): nargs=3 a0=7
> a1=9b1fe80 a2=10
> type=AVC msg=audit(1138596153.220:104175): avc: denied {
> name_connect } for pid=23796 comm="spamd" dest=389
> scontext=root:system_r:spamd_t
> tcontext=system_u:object_r:ldap_port_t tclass=tcp_socket
> type=SYSCALL msg=audit(1138596153.220:104175): arch=40000003
> syscall=102 success=no exit=-13 a0=3 a1=bfb2dc20 a2=1229cb8 a3=7
> items=0 pid=23796 auid=600 uid=0 gid=0 euid=99 suid=0 fsuid=99
> egid=99 sgid=0 fsgid=99 comm="spamd" exe="/usr/bin/perl"
> type=SOCKADDR msg=audit(1138596153.220:104175):
> saddr=02000185C0A801940000000000000000
> type=SOCKETCALL msg=audit(1138596153.220:104175): nargs=3 a0=7
> a1=9b6a6f0 a2=10
> type=AVC msg=audit(1138596160.388:104176): avc: denied {
> name_connect } for pid=23797 comm="spamd" dest=389
> scontext=root:system_r:spamd_t
> tcontext=system_u:object_r:ldap_port_t tclass=tcp_socket
> type=SYSCALL msg=audit(1138596160.388:104176): arch=40000003
> syscall=102 success=no exit=-13 a0=3 a1=bfb2dc20 a2=1229cb8 a3=7
> items=0 pid=23797 auid=600 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 comm="spamd" exe="/usr/bin/perl"
> type=SOCKADDR msg=audit(1138596160.388:104176):
> saddr=02000185C0A801940000000000000000
> type=SOCKETCALL msg=audit(1138596160.388:104176): nargs=3 a0=7
> a1=9b20050 a2=10
> type=AVC msg=audit(1138596164.032:104177): avc: denied {
> name_connect } for pid=23797 comm="spamd" dest=389
> scontext=root:system_r:spamd_t
> tcontext=system_u:object_r:ldap_port_t tclass=tcp_socket
> type=SYSCALL msg=audit(1138596164.032:104177): arch=40000003
> syscall=102 success=no exit=-13 a0=3 a1=bfb2dc20 a2=1229cb8 a3=7
> items=0 pid=23797 auid=600 uid=0 gid=0 euid=99 suid=0 fsuid=99
> egid=99 sgid=0 fsgid=99 comm="spamd" exe="/usr/bin/perl"
> type=SOCKADDR msg=audit(1138596164.032:104177):
> saddr=02000185C0A801940000000000000000
> type=SOCKETCALL msg=audit(1138596164.032:104177): nargs=3 a0=7
> a1=9b84af0 a2=10
Are you using LDAP for authentication or to handle mail accounts?
Paul.
More information about the fedora-selinux-list
mailing list