Strange Mailman/Sendmail Audit messages in Fedora-10?

Derek Atkins warlord at MIT.EDU
Sun Feb 8 20:49:27 UTC 2009


Hey,

I'm working on getting a new Fedora-10 server up and running.  I've
set up mailman and have lists configured.  Mail even seems to be
flowing, but for some reason I'm getting a strange audit message on
each incoming message.  I find it interesting that there are three
unix_socket AVCs and I have three milters connected to sendmail.

The setroubleshoot viewer gives me the following information.

I'm hoping someone could help me understand these log messages,
and maybe help me make them go away?

Thanks,

-derek


Summary

SELinux is preventing mailman (mailman_mail_t) "read write" sendmail_t.

Detailed Description

SELinux denied access requested by mailman. It is not expected that this access is required by mailman and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. 

Allowing Access

You can generate a local policy module to allow this access - see FAQ
Or you can disable SELinux protection altogether. Disabling SELinux
protection is not recommended. Please file a bug report against this
package.

Additional Information
Source Context:  system_u:system_r:mailman_mail_t:s0
Target Context:  system_u:system_r:sendmail_t:s0
Target Objects:  socket [ unix_stream_socket ]
Source:  mailman
Source Path:  /usr/lib/mailman/mail/mailman
Port:  <Unknown>
Host:  <redacted>
Source RPM Packages:  mailman-2.1.11-3.fc10
Target RPM Packages:  
Policy RPM:  selinux-policy-3.5.13-41.fc10
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  catchall
Host Name:  code.gnucash.org
Platform:  Linux code.gnucash.org 2.6.27.12-170.2.5.fc10.i686 #1 SMP Wed Jan 21 02:09:37 EST 2009 i686 athlon
Alert Count:  1
First Seen:  Sun 08 Feb 2009 11:28:40 AM EST
Last Seen:  Sun 08 Feb 2009 03:04:01 PM EST
Local ID:  606e93dc-55fc-4454-acfa-1081a87deb63
Line Numbers:  

Raw Audit Messages :

node=code.gnucash.org type=AVC msg=audit(1234123441.829:421): avc:
denied { read write } for pid=17455 comm="mailman"
path="socket:[105075]" dev=sockfs ino=105075
scontext=system_u:system_r:mailman_mail_t:s0
tcontext=system_u:system_r:sendmail_t:s0 tclass=unix_stream_socket

node=code.gnucash.org type=AVC msg=audit(1234123441.829:421): avc:
denied { read write } for pid=17455 comm="mailman"
path="socket:[105077]" dev=sockfs ino=105077
scontext=system_u:system_r:mailman_mail_t:s0
tcontext=system_u:system_r:sendmail_t:s0 tclass=unix_stream_socket

node=code.gnucash.org type=AVC msg=audit(1234123441.829:421): avc:
denied { read write } for pid=17455 comm="mailman"
path="socket:[105079]" dev=sockfs ino=105079
scontext=system_u:system_r:mailman_mail_t:s0
tcontext=system_u:system_r:sendmail_t:s0 tclass=unix_stream_socket

node=code.gnucash.org type=SYSCALL msg=audit(1234123441.829:421):
arch=40000003 syscall=11 success=yes exit=0 a0=8d42e38 a1=8d42f20
a2=8d42508 a3=0 items=0 ppid=17454 pid=17455 auid=4294967295 uid=8
gid=12 euid=8 suid=8 fsuid=8 egid=41 sgid=41 fsgid=41 tty=(none)
ses=4294967295 comm="mailman" exe="/usr/lib/mailman/mail/mailman"
subj=system_u:system_r:mailman_mail_t:s0 key=(null)

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available
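
An added example, not part of the original post: a small Python parser that groups the raw audit records above by event serial, so the three AVCs and the SYSCALL record that share serial 421 read as one event with three distinct socket inodes. The function name, the one-entry syscall table and the abridged SYSCALL line are assumptions of this example; the field values are copied from the post.

```python
import re
from collections import defaultdict

# Records taken from the post's "Raw Audit Messages", rejoined one per line.
# The SYSCALL record is abridged to the fields this example reads.
SAMPLE = """\
node=code.gnucash.org type=AVC msg=audit(1234123441.829:421): avc: denied { read write } for pid=17455 comm="mailman" path="socket:[105075]" dev=sockfs ino=105075 scontext=system_u:system_r:mailman_mail_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=unix_stream_socket
node=code.gnucash.org type=AVC msg=audit(1234123441.829:421): avc: denied { read write } for pid=17455 comm="mailman" path="socket:[105077]" dev=sockfs ino=105077 scontext=system_u:system_r:mailman_mail_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=unix_stream_socket
node=code.gnucash.org type=AVC msg=audit(1234123441.829:421): avc: denied { read write } for pid=17455 comm="mailman" path="socket:[105079]" dev=sockfs ino=105079 scontext=system_u:system_r:mailman_mail_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=unix_stream_socket
node=code.gnucash.org type=SYSCALL msg=audit(1234123441.829:421): arch=40000003 syscall=11 success=yes exit=0 ppid=17454 pid=17455 comm="mailman" exe="/usr/lib/mailman/mail/mailman" subj=system_u:system_r:mailman_mail_t:s0
"""

HEADER = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):")
PERMS = re.compile(r"denied\s+\{ ([^}]*) \}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Example-supplied table: arch 40000003 is i386, where syscall 11 is execve.
SYSCALLS = {("40000003", "11"): "execve"}

def summarize(text):
    """Group audit records by event serial; collect denial tuples and inodes."""
    events = defaultdict(lambda: {"syscall": None, "denials": defaultdict(list)})
    for line in text.splitlines():
        m = HEADER.search(line)
        if not m:
            continue
        rtype, _timestamp, serial = m.groups()
        f = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        p = PERMS.search(line)
        if rtype == "AVC" and p:
            # Key on (source type, target type, class, permissions).
            key = (f["scontext"].split(":")[2], f["tcontext"].split(":")[2],
                   f["tclass"], tuple(p.group(1).split()))
            events[serial]["denials"][key].append(f.get("ino"))
        elif rtype == "SYSCALL":
            events[serial]["syscall"] = SYSCALLS.get((f["arch"], f["syscall"]), f["syscall"])
    return events

if __name__ == "__main__":
    for serial, ev in summarize(SAMPLE).items():
        print(f"event {serial}: syscall={ev['syscall']}")
        for key, inodes in ev["denials"].items():
            print("  denied", key, "on inodes", inodes)
```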
