AVC messages about awstats.pl and some mailman commands

Ali Nebi anebi at iguanait.com
Tue Oct 30 11:32:12 UTC 2007


Hi,

On one of the servers, where Fedora 6 is installed, I get some AVC
messages, and I don't know why they appear or what the right way to
fix them is: don't audit them, or allow them.

The messages from the logs are related to awstats. It is installed on
the server and used for statistics for some web sites. Also, some
messages are related to mailman. What can I do to fix this kind of
message?

The messages are these:

Oct 21 13:16:08 casamerica kernel: audit(1192965368.811:2780): avc:
denied  { read write } for  pid=32746 comm="listinfo" name="" dev=sockfs
ino=14911345 scontext=user_u:system_r:mailman_cgi_t:s0
tcontext=user_u:system_r:httpd_t:s0 tclass=unix_stream_socket

Oct 21 17:30:59 casamerica kernel: audit(1192980659.987:2781): avc:
denied  { read write } for  pid=2111 comm="listinfo" name="" dev=sockfs
ino=15003495 scontext=user_u:system_r:mailman_cgi_t:s0
tcontext=user_u:system_r:httpd_t:s0 tclass=unix_stream_socket

Oct 21 18:48:55 casamerica kernel: audit(1192985335.997:2782): avc:
denied  { read write } for  pid=2742 comm="admin" name="" dev=sockfs
ino=15037931 scontext=user_u:system_r:mailman_cgi_t:s0
tcontext=user_u:system_r:httpd_t:s0 tclass=unix_stream_socket

Oct 21 20:29:59 casamerica kernel: audit(1192991399.010:2783): avc:
denied  { read write } for  pid=3539 comm="listinfo" name="" dev=sockfs
ino=15143224 scontext=user_u:system_r:mailman_cgi_t:s0
tcontext=user_u:system_r:httpd_t:s0 tclass=unix_stream_socket

Oct 21 20:33:13 casamerica kernel: audit(1192991593.143:2784): avc:
denied  { read write } for  pid=3598 comm="confirm" name="" dev=sockfs
ino=15159312 scontext=user_u:system_r:mailman_cgi_t:s0
tcontext=user_u:system_r:httpd_t:s0 tclass=unix_stream_socket

Oct 21 20:56:58 casamerica kernel: audit(1192993018.053:2785): avc:
denied  { create } for  pid=3721 comm="awstats.pl"
scontext=user_u:system_r:httpd_sys_script_t:s0
tcontext=user_u:system_r:httpd_sys_script_t:s0 tclass=udp_socket

Oct 21 20:56:58 casamerica kernel: audit(1192993018.053:2786): avc:
denied  { connect } for  pid=3721 comm="awstats.pl"
scontext=user_u:system_r:httpd_sys_script_t:s0 tcontext=
user_u:system_r:httpd_sys_script_t:s0 tclass=udp_socket

Oct 21 20:56:58 casamerica kernel: audit(1192993018.054:2787): avc:
denied  { write } for  pid=3721 comm="awstats.pl" laddr=87.106.8.16
lport=52760 faddr=87.106.8.251 fport=53
scontext=user_u:system_r:httpd_sys_script_t:s0
tcontext=user_u:system_r:httpd_sys_script_t:s0 tclass=udp_socket

Oct 21 20:56:58 casamerica kernel: audit(1192993018.054:2788): avc:
denied  { udp_send } for  pid=3721 comm="awstats.pl" saddr=87.106.8.16
src=52760 daddr=87.106.8.251 dest=53 
netif=eth0 scontext=user_u:system_r:httpd_sys_script_t:s0
tcontext=system_u:object_r:netif_t:s0 tclass=netif

Oct 21 20:56:58 casamerica kernel: audit(1192993018.054:2789): avc:
denied  { udp_send } for  pid=3721 comm="awstats.pl" saddr=87.106.8.16
src=52760 daddr=87.106.8.251 dest=53 
netif=eth0 scontext=user_u:system_r:httpd_sys_script_t:s0
tcontext=system_u:object_r:node_t:s0 tclass=node

Oct 21 20:56:58 casamerica kernel: audit(1192993018.054:2790): avc:
denied  { send_msg } for  pid=3721 comm="awstats.pl" saddr=87.106.8.16
src=52760 daddr=87.106.8.251 dest=53 
netif=eth0 scontext=user_u:system_r:httpd_sys_script_t:s0
tcontext=system_u:object_r:dns_port_t:s0 tclass=udp_socket

Oct 28 17:29:00 hermod kernel: audit(1193588940.609:7): avc:  denied
{ search } for  pid=996 comm="python" name="log" dev=dm-0 ino=57212956
scontext=system_u:system_r:postfix_local_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=dir

Oct 28 17:45:38 hermod kernel: audit(1193589938.861:8): avc:  denied
{ search } for  pid=1774 comm="python" name="log" dev=dm-0 ino=57212956
scontext=system_u:system_r:postfix_local_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=dir

The last messages are for python trying to access /var/log, but I get
these messages.

What is the best decision to solve these audits? I'm trying to
understand SELinux principles and trying to move the server to enforce
mode.

Thanks in advance!
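
One way to triage denials like the ones listed above, added here as an example and not part of the original post: it re-joins the mail-wrapped records and groups them by source type, target type and object class, so each distinct access is reviewed once before deciding whether to allow it or stop auditing it. The function names and the sample (four records copied from the post) are assumptions of this example.

```python
import re

# Constructed sample: four denials copied from the post, still mail-wrapped.
SAMPLE = '''\
Oct 21 13:16:08 casamerica kernel: audit(1192965368.811:2780): avc:
denied  { read write } for  pid=32746 comm="listinfo" name="" dev=sockfs
ino=14911345 scontext=user_u:system_r:mailman_cgi_t:s0
tcontext=user_u:system_r:httpd_t:s0 tclass=unix_stream_socket
Oct 21 18:48:55 casamerica kernel: audit(1192985335.997:2782): avc:
denied  { read write } for  pid=2742 comm="admin" name="" dev=sockfs
ino=15037931 scontext=user_u:system_r:mailman_cgi_t:s0
tcontext=user_u:system_r:httpd_t:s0 tclass=unix_stream_socket
Oct 21 20:56:58 casamerica kernel: audit(1192993018.053:2786): avc:
denied  { connect } for  pid=3721 comm="awstats.pl"
scontext=user_u:system_r:httpd_sys_script_t:s0 tcontext=
user_u:system_r:httpd_sys_script_t:s0 tclass=udp_socket
Oct 28 17:29:00 hermod kernel: audit(1193588940.609:7): avc:  denied
{ search } for  pid=996 comm="python" name="log" dev=dm-0 ino=57212956
scontext=system_u:system_r:postfix_local_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=dir
'''

AVC = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")

def unwrap(text):
    """Re-join wrapped records; a line containing 'audit(' starts a new one."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if "audit(" in line or not records:
            records.append(line)
        else:  # no space after a dangling 'key=' so the value stays attached
            records[-1] += ("" if records[-1].endswith("=") else " ") + line
    return records

def summarize(text):
    """Group denials by (source type, target type, class); type is field 3 of user:role:type:level."""
    groups = {}
    for m in filter(None, map(AVC.search, unwrap(text))):
        f = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2)))
        key = (f["scontext"].split(":")[2], f["tcontext"].split(":")[2], f["tclass"])
        g = groups.setdefault(key, {"perms": set(), "comms": set(), "count": 0})
        g["perms"].update(m.group(1).split())
        g["comms"].add(f["comm"].strip('"'))
        g["count"] += 1
    return groups

if __name__ == "__main__":
    for (src, tgt, cls), g in summarize(SAMPLE).items():
        print(f'{g["count"]}x {src} -> {tgt}:{cls} {sorted(g["perms"])} via {sorted(g["comms"])}')
```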




More information about the fedora-selinux-list mailing list