selinux hogs locks ? Re: f7 : yum fails with rpmdb: Lock table is out of available locker entries
Daniel J Walsh
dwalsh at redhat.com
Mon Jun 18 13:25:20 UTC 2007
Wolfgang S. Rupprecht wrote:
> Skunk Worx <skunkworx at verizon.net> writes:
>
>> Daniel J Walsh wrote:
>>
>>> Did you see avc messages in /var/log/audit/audit.log?
>>>
>> I don't see anything that looks like yum or rpm related, my log is
>> much smaller.
>>
>
> One thing that stands out (by virtue of having the word "lock" in it
> ;-)) is the postfix mailbox locking. It might not be anything, since
> I'm not really sure which needle in this haystack I'm looking for.
>
> # grep -i lock audit.log | grep -v clock_device | tail
> type=AVC msg=audit(1181331871.161:339): avc: denied { remove_name } for pid=11667 comm="local" name="Mailbox.lock" dev=dm-0 ino=70551655 scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
> type=AVC msg=audit(1181331871.161:339): avc: denied { unlink } for pid=11667 comm="local" name="Mailbox.lock" dev=dm-0 ino=70551655 scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=file
> type=AVC msg=audit(1181333061.829:345): avc: denied { add_name } for pid=11835 comm="local" name="Mailbox.lock" scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
> type=AVC msg=audit(1181333064.210:346): avc: denied { remove_name } for pid=11835 comm="local" name="Mailbox.lock" dev=dm-0 ino=71697052 scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
> type=AVC msg=audit(1181333216.630:357): avc: denied { add_name } for pid=11861 comm="local" name="Mailbox.lock" scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
> type=AVC msg=audit(1181333217.129:358): avc: denied { remove_name } for pid=11861 comm="local" name="Mailbox.lock" dev=dm-0 ino=70551655 scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
> type=AVC msg=audit(1181336644.216:383): avc: denied { add_name } for pid=12469 comm="local" name="Mailbox.lock" scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
> type=AVC msg=audit(1181336644.216:383): avc: denied { create } for pid=12469 comm="local" name="Mailbox.lock" scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=file
> type=AVC msg=audit(1181336644.225:384): avc: denied { remove_name } for pid=12469 comm="local" name="Mailbox.lock" dev=dm-0 ino=70551655 scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
> type=AVC msg=audit(1181336644.225:384): avc: denied { unlink } for pid=12469 comm="local" name="Mailbox.lock" dev=dm-0 ino=70551655 scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=file
>
> -wolfgang
>
This looks like you have postfix attempting to create a file
(Mailbox.lock) in the / directory?
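The reading of the AVC records made in the reply above can be automated. The following is an added example, not part of the original thread: it groups denials by source domain, target type, class and file name, then flags domains that tried to add or remove entries in a directory labelled `root_t`. The sample records are constructed in the quoted audit.log format, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records in the AVC format quoted in the thread
# (timestamps, pids and inode numbers are made up for this example).
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.100:10): avc: denied { add_name } for pid=4001 comm="local" name="Mailbox.lock" scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
type=AVC msg=audit(1700000000.100:10): avc: denied { create } for pid=4001 comm="local" name="Mailbox.lock" scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=file
type=AVC msg=audit(1700000000.200:11): avc: denied { remove_name } for pid=4001 comm="local" name="Mailbox.lock" dev=dm-0 ino=12345 scontext=system_u:system_r:postfix_local_t:s0 tcontext=root:object_r:root_t:s0 tclass=dir
type=AVC msg=audit(1700000000.300:12): avc: denied { read write } for pid=4100 comm="ntpd" name="clock" dev=tmpfs ino=99 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:clock_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1700000000.300:12): arch=40000003 syscall=5 success=no exit=-13
"""

AVC_RE = re.compile(r"type=AVC .*?avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    return fields

def selinux_type(context):
    """Extract the type from a user:role:type:level security context."""
    return context.split(":")[2]

def summarize(log_text):
    """Map (comm, source type, target type, class, name) -> sorted denied permissions."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec.get("comm"), selinux_type(rec["scontext"]),
               selinux_type(rec["tcontext"]), rec["tclass"], rec.get("name"))
        groups[key].update(rec["perms"])
    return {k: sorted(v) for k, v in groups.items()}

def root_dir_writes(summary):
    """Groups where a domain tried to add/remove names in a root_t directory (the label of /)."""
    return [k for k, perms in summary.items()
            if k[2] == "root_t" and k[3] == "dir" and {"add_name", "remove_name"} & set(perms)]

if __name__ == "__main__":
    for key in root_dir_writes(summarize(SAMPLE_LOG)):
        print("directory-entry change denied in a root_t directory:", key)
```
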