crond/mailman, .... Rawhide issues....

Tom London selinux at comcast.net
Fri Aug 13 15:40:15 UTC 2004


Latest stuff from Rawhide: crond/mailman issues again....

Here is the email (I got lots of these!):

Subject: Cron <mailman at fedora> /usr/bin/python -S /var/mailman/cron/gate_news
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/var/mailman>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=mailman>
X-Cron-Env: <USER=mailman>
 
Traceback (most recent call last):
  File "/var/mailman/cron/gate_news", line 284, in ?
    main()
  File "/var/mailman/cron/gate_news", line 259, in main
    lock.lock(timeout=0.5)
  File "/var/mailman/Mailman/LockFile.py", line 243, in lock
    self.__write()
  File "/var/mailman/Mailman/LockFile.py", line 422, in __write
    fp = open(self.__tmpfname, 'w')
IOError: [Errno 13] Permission denied: '/var/mailman/locks/gate_news.lock.fedora.XXX.3986.0'
 
Here are the AVCs:

Aug 13 08:35:01 fedora crond(pam_unix)[4065]: session opened for user mailman by (uid=0)
Aug 13 08:35:01 fedora crond(pam_unix)[4068]: session opened for user root by (uid=0)
Aug 13 08:35:02 fedora kernel: audit(1092411302.395:0): avc:  denied  { read append } for  pid=4067 exe=/usr/bin/python name=error dev=hda2 ino=442471 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:mailman_log_t tclass=file
Aug 13 08:35:02 fedora kernel: audit(1092411302.397:0): avc:  denied  { write } for  pid=4067 exe=/usr/bin/python name=locks dev=hda2 ino=442718 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:mailman_lock_t tclass=dir
Aug 13 08:35:02 fedora crond(pam_unix)[4068]: session closed for user root
Aug 13 08:35:04 fedora crond(pam_unix)[4065]: session closed for user mailman

audit2allow produces:
allow system_crond_t mailman_lock_t:dir { write };
allow system_crond_t mailman_log_t:file { append read };

That right, (or have I broken something else)?
   tom

[BTW, booleans now get loaded.  Neat!]


