Mail problems...

melaina at libero.it melaina at libero.it
Wed Jan 31 05:04:59 UTC 2007


Hello!

I have just started playing a bit with SELinux in permissive mode on my system. I have qmail with spamassassin installed; the only AVC denied messages I get (after I relabeled the system and fixed domains on a couple of log files), is the following:

Jan 30 20:23:13 drake kernel: audit(1170210193.998:8): avc:  denied  { read }                                              for  pid=11862 comm="sendmail" name="RsmVLSTr" dev=loop0 ino=20 scontext=user_u:                                             system_r:system_mail_t tcontext=user_u:object_r:httpd_sys_script_rw_t tclass=fil                                             e
Jan 30 20:23:13 drake kernel: audit(1170210193.998:9): avc:  denied  { read wr                                             ite } for  pid=11862 comm="sendmail" name="jk-runtime-status" dev=hda5 ino=49827                                             49 scontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:httpd_log_t                                              tclass=file
Jan 30 20:23:14 drake kernel: audit(1170210194.019:10): avc:  denied  { ioctl                                              } for  pid=11863 comm="qmail-scanner-q" name="error_log" dev=hda5 ino=4984894 sc                                             ontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:httpd_log_t tcla                                             ss=file
Jan 30 20:23:14 drake kernel: audit(1170210194.026:11): avc:  denied  { read }                                              for  pid=11863 comm="sperl5.8.5" name="mounts" dev=proc ino=777453584 scontext=                                             user_u:system_r:system_mail_t tcontext=user_u:system_r:system_mail_t tclass=file
Jan 30 20:23:14 drake kernel: audit(1170210194.026:12): avc:  denied  { getatt                                             r } for  pid=11863 comm="sperl5.8.5" name="mounts" dev=proc ino=777453584 sconte                                             xt=user_u:system_r:system_mail_t tcontext=user_u:system_r:system_mail_t tclass=f                                             ile
Jan 30 20:23:15 drake kernel: audit(1170210195.204:13): avc:  denied  { append                                              } for  pid=11863 comm="perl5.8.5" name="qmail-queue.log" dev=hda5 ino=5130271 s                                             context=user_u:system_r:system_mail_t tcontext=system_u:object_r:var_spool_t tcl                                             ass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.204:14): avc:  denied  { ioctl                                              } for  pid=11863 comm="perl5.8.5" name="qmail-queue.log" dev=hda5 ino=5130271 sc                                             ontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:var_spool_t tcla                                             ss=file
Jan 30 20:23:15 drake kernel: audit(1170210195.205:15): avc:  denied  { getatt                                             r } for  pid=11863 comm="perl5.8.5" name="qmail-queue.log" dev=hda5 ino=5130271                                              scontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:var_spool_t tc                                             lass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.206:16): avc:  denied  { read }                                              for  pid=11863 comm="perl5.8.5" name="qmail-scanner-queue-version.txt" dev=hda5                                              ino=5130273 scontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:v                                             ar_spool_t tclass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.208:17): avc:  denied  { write                                              } for  pid=11863 comm="perl5.8.5" name="tmp" dev=hda5 ino=5195094 scontext=user_                                             u:system_r:system_mail_t tcontext=system_u:object_r:var_spool_t tclass=dir
Jan 30 20:23:15 drake kernel: audit(1170210195.208:18): avc:  denied  { add_na                                             me } for  pid=11863 comm="perl5.8.5" name="drake.mydomain.com1170210195772118                                             63" scontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:var_spool_                                             t tclass=dir
Jan 30 20:23:15 drake kernel: audit(1170210195.208:19): avc:  denied  { create                                              } for  pid=11863 comm="perl5.8.5" name="drake.mydomain.com117021019577211863                                             " scontext=user_u:system_r:system_mail_t tcontext=user_u:object_r:var_spool_t tc                                             lass=dir
Jan 30 20:23:15 drake kernel: audit(1170210195.409:20): avc:  denied  { create                                              } for  pid=11863 comm="perl5.8.5" name="drake.mydomain.com117021019577211863                                             " scontext=user_u:system_r:system_mail_t tcontext=user_u:object_r:var_spool_t tc                                             lass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.410:21): avc:  denied  { ioctl                                              } for  pid=11863 comm="perl5.8.5" name="drake.mydomain.com117021019577211863"                                              dev=hda5 ino=5276868 scontext=user_u:system_r:system_mail_t tcontext=user_u:obj                                             ect_r:var_spool_t tclass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.410:22): avc:  denied  { getatt                                             r } for  pid=11863 comm="perl5.8.5" name="drake.mydomain.com11702101957721186                                             3" dev=hda5 ino=5276868 scontext=user_u:system_r:system_mail_t tcontext=user_u:o                                             bject_r:var_spool_t tclass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.414:23): avc:  denied  { write                                              } for  pid=11863 comm="perl5.8.5" name="drake.mydomain.com117021019577211863"                                              dev=hda5 ino=5276868 scontext=user_u:system_r:system_mail_t tcontext=user_u:obj                                             ect_r:var_spool_t tclass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.418:24): avc:  denied  { link }                                              for  pid=11863 comm="perl5.8.5" name="drake.mydomain.com117021019577211863"                                              dev=hda5 ino=5276868 scontext=user_u:system_r:system_mail_t tcontext=user_u:obje                                             ct_r:var_spool_t tclass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.419:25): avc:  denied  { remove                                             _name } for  pid=11863 comm="perl5.8.5" name="drake.mydomain.com1170210195772                                             11863" dev=hda5 ino=5276868 scontext=user_u:system_r:system_mail_t tcontext=syst                                             em_u:object_r:var_spool_t tclass=dir
Jan 30 20:23:15 drake kernel: audit(1170210195.419:26): avc:  denied  { unlink                                              } for  pid=11863 comm="perl5.8.5" name="drake.mydomain.com117021019577211863                                             " dev=hda5 ino=5276868 scontext=user_u:system_r:system_mail_t tcontext=user_u:ob                                             ject_r:var_spool_t tclass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.424:27): avc:  denied  { read w                                             rite } for  pid=11864 comm="sh" name="tty" dev=tmpfs ino=1804 scontext=user_u:sy                                             stem_r:system_mail_t tcontext=system_u:object_r:devtty_t tclass=chr_file
Jan 30 20:23:15 drake kernel: audit(1170210195.431:28): avc:  denied  { read }                                              for  pid=11865 comm="sh" name="drake.mydomain.com117021019577211863" dev=hda                                             5 ino=5276868 scontext=user_u:system_r:system_mail_t tcontext=user_u:object_r:va                                             r_spool_t tclass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.434:29): avc:  denied  { write                                              } for  pid=11865 comm="reformime" name="drake.mydomain.com117021019577211863"                                              dev=hda5 ino=5408221 scontext=user_u:system_r:system_mail_t tcontext=user_u:obj                                             ect_r:var_spool_t tclass=dir
Jan 30 20:23:15 drake kernel: audit(1170210195.434:30): avc:  denied  { add_na                                             me } for  pid=11865 comm="reformime" name="1170210195.11865-0.drake.mydomain.                                             com" scontext=user_u:system_r:system_mail_t tcontext=user_u:object_r:var_spool_t                                              tclass=dir
Jan 30 20:23:15 drake kernel: audit(1170210195.739:31): avc:  denied  { read }                                              for  pid=11863 comm="perl5.8.5" name="drake.mydomain.com117021019577211863"                                              dev=hda5 ino=5408221 scontext=user_u:system_r:system_mail_t tcontext=user_u:obje                                             ct_r:var_spool_t tclass=dir
Jan 30 20:23:15 drake kernel: audit(1170210195.755:32): avc:  denied  { read }                                              for  pid=11863 comm="perl5.8.5" name="tmp" dev=hda5 ino=4980740 scontext=user_u                                             :system_r:system_mail_t tcontext=system_u:object_r:var_t tclass=lnk_file
Jan 30 20:23:15 drake kernel: audit(1170210195.795:33): avc:  denied  { execut                                             e } for  pid=11867 comm="perl5.8.5" name="find" dev=hda5 ino=5297451 scontext=us                                             er_u:system_r:system_mail_t tcontext=system_u:object_r:file_t tclass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.796:34): avc:  denied  { execut                                             e_no_trans } for  pid=11867 comm="perl5.8.5" name="find" dev=hda5 ino=5297451 sc                                             ontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:file_t tclass=fi                                             le
Jan 30 20:23:15 drake kernel: audit(1170210195.796:35): avc:  denied  { read }                                              for  pid=11867 comm="perl5.8.5" name="find" dev=hda5 ino=5297451 scontext=user_                                             u:system_r:system_mail_t tcontext=system_u:object_r:file_t tclass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.798:36): avc:  denied  { search                                              } for  pid=11867 comm="find" name="selinux" dev=hda5 ino=557257 scontext=user_u                                             :system_r:system_mail_t tcontext=system_u:object_r:selinux_config_t tclass=dir
Jan 30 20:23:15 drake kernel: audit(1170210195.798:37): avc:  denied  { read }                                              for  pid=11867 comm="find" name="config" dev=hda5 ino=557274 scontext=user_u:sy                                             stem_r:system_mail_t tcontext=user_u:object_r:selinux_config_t tclass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.798:38): avc:  denied  { getatt                                             r } for  pid=11867 comm="find" name="config" dev=hda5 ino=557274 scontext=user_u                                             :system_r:system_mail_t tcontext=user_u:object_r:selinux_config_t tclass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.860:39): avc:  denied  { read }                                              for  pid=11871 comm="rm" name="qscan" dev=hda5 ino=5130256 scontext=user_u:syst                                             em_r:system_mail_t tcontext=system_u:object_r:var_spool_t tclass=dir
Jan 30 20:23:15 drake kernel: audit(1170210195.860:40): avc:  denied  { remove                                             _name } for  pid=11871 comm="rm" name="1170210195.11865-0.drake.mydomain.com"                                              dev=hda5 ino=5408222 scontext=user_u:system_r:system_mail_t tcontext=user_u:obj                                             ect_r:var_spool_t tclass=dir
Jan 30 20:23:15 drake kernel: audit(1170210195.861:41): avc:  denied  { rmdir                                              } for  pid=11871 comm="rm" name="drake.mydomain.com117021019577211863" dev=hd                                             a5 ino=5408221 scontext=user_u:system_r:system_mail_t tcontext=user_u:object_r:v                                             ar_spool_t tclass=dir
Jan 30 20:23:15 drake kernel: audit(1170210195.873:42): avc:  denied  { sigchl                                             d } for  pid=1 comm="init" scontext=user_u:system_r:system_mail_t tcontext=user_                                             u:system_r:unconfined_t tclass=process

Any directions to fix this?

Thanks!


------------------------------------------------------
Mutuo da 200.000 €? Tassi ridotti da 4.25%. Solo per richieste online. Mutuionline.it
http://click.libero.it/mutuionline31ge07






More information about the fedora-selinux-list mailing list