Strange Mailman/Sendmail Audit messages in Fedora-10?
Daniel J Walsh
dwalsh at redhat.com
Tue Feb 10 14:18:27 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Derek Atkins wrote:
> Paul,
>
> Quoting Paul Howarth <paul at city-fan.org>:
>
>>> [snip]
>>> > Do your milters exec other programs? There are a couple of sockets
>>>
>>> I don't think so, but I don't know. I'm using clamav-milter,
>>> spamass-milter, and milter-sender. I'm pretty sure that the
>>> latter doesn't fork/exec. I don't know about clamav or spamass.
>>
>> spamass-milter forks and execs sendmail to deliver spam if you use the
>> "-b" option - that's how I discovered the problem.
>
> Thanks. But I'm not using the -b option. It's run with:
>
> -p /path/to/sock -P /path/to/pid -m -r 5 -i ...
>
>> The audit log entries you posted suggest that mailman inherited a
>> socket descriptor from sendmail.
>
> I believe that.. Yet it doesn't look like it actually stopped anything
> from happening.. The mail seemed to flow okay. But it would be
> nice to fix this. I don't like getting audit warnings. Maybe sendmail
> is leaking fds as you suggest? Should I file a bug with fedora
> about this?
>
> [snip]
>>> Okay, how would I do that?
>>
>> You'll need to create a local policy module. I'd do it this way:
>>
> [instructions snipped]
>
> Thanks, Paul. I'll consider doing this.
>
> Is there any easy way to figure out what's connected to the sockets
> that it's complaining about? I certainly can't find anything via
> lsof or netstat -a. Most likely because the sockets get closed
> before I see the audit message and try to track it down.
>
>> Cheers, Paul.
>
> And to you! Thanks.
>
> -derek
>
Yes any leaked file descriptors should be reported.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkmRjLMACgkQrlYvE4MpobNzTACfZEluAaWq3Z0KXxyqAVXfQImz
/ZsAoLoGlwB/Sh1iWq8J3tAg+ReW2YhR
=wuve
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list