selinux hogs locks ? Re: f7 : yum fails with rpmdb: Lock table is out of available locker entries

Daniel J Walsh dwalsh at redhat.com
Mon Jun 18 13:25:20 UTC 2007


Wolfgang S. Rupprecht wrote:
> Skunk Worx <skunkworx at verizon.net> writes:
>   
>> Daniel J Walsh wrote:
>>     
>>> Did you see avc messages in /var/log/audit/audit.log?
>>>       
>> I don't see anything that looks like yum or rpm related, my log is
>> much smaller.
>>     
>
> One thing that stands out (by virtue of having the word "lock" in it
> ;-)) is the postfix mailbox locking.  It might not be anything, since
> I'm not really sure which needle in this haystack I'm looking for.
>
> # grep -i lock audit.log  | grep -v clock_device | tail
> type=AVC msg=audit(1181331871.161:339): avc:  denied  { remove_name } for  pid=11667 comm="local" name="Mailbox.lock" dev=dm-0 ino=70551655 scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
> type=AVC msg=audit(1181331871.161:339): avc:  denied  { unlink } for  pid=11667 comm="local" name="Mailbox.lock" dev=dm-0 ino=70551655 scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=file
> type=AVC msg=audit(1181333061.829:345): avc:  denied  { add_name } for  pid=11835 comm="local" name="Mailbox.lock" scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
> type=AVC msg=audit(1181333064.210:346): avc:  denied  { remove_name } for  pid=11835 comm="local" name="Mailbox.lock" dev=dm-0 ino=71697052 scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
> type=AVC msg=audit(1181333216.630:357): avc:  denied  { add_name } for  pid=11861 comm="local" name="Mailbox.lock" scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
> type=AVC msg=audit(1181333217.129:358): avc:  denied  { remove_name } for  pid=11861 comm="local" name="Mailbox.lock" dev=dm-0 ino=70551655 scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
> type=AVC msg=audit(1181336644.216:383): avc:  denied  { add_name } for  pid=12469 comm="local" name="Mailbox.lock" scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
> type=AVC msg=audit(1181336644.216:383): avc:  denied  { create } for  pid=12469 comm="local" name="Mailbox.lock" scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=file
> type=AVC msg=audit(1181336644.225:384): avc:  denied  { remove_name } for  pid=12469 comm="local" name="Mailbox.lock" dev=dm-0 ino=70551655 scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
> type=AVC msg=audit(1181336644.225:384): avc:  denied  { unlink } for  pid=12469 comm="local" name="Mailbox.lock" dev=dm-0 ino=70551655 scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=file
>
> -wolfgang
>   

This looks like you have postfix attempting to create a file 
(Mailbox.lock) in the / directory?
