Strange Mailman/Sendmail Audit messages in Fedora-10?
Daniel J Walsh
dwalsh at redhat.com
Tue Feb 10 14:19:31 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Daniel J Walsh wrote:
> Derek Atkins wrote:
>> Paul,
>
>> Quoting Paul Howarth <paul at city-fan.org>:
>
>>>> [snip]
>>>>> Do your milters exec other programs? There are a couple of sockets
>>>> I don't think so, but I don't know. I'm using clamav-milter,
>>>> spamass-milter, and milter-sender. I'm pretty sure that the
>>>> latter doesn't fork/exec. I don't know about clamav or spamass.
>>> spamass-milter forks and execs sendmail to deliver spam if you use the
>>> "-b" option - that's how I discovered the problem.
>> Thanks. But I'm not using the -b option. It's run with:
>
>> -p /path/to/sock -P /path/to/pid -m -r 5 -i ...
>
>>> The audit log entries you posted suggest that mailman inherited a
>>> socket descriptor from sendmail.
>> I believe that.. Yet it doesn't look like it actually stopped anything
>> from happening.. The mail seemed to flow okay. But it would be
>> nice to fix this. I don't like getting audit warnings. Maybe sendmail
>> is leaking fds as you suggest? Should I file a bug with fedora
>> about this?
>
>> [snip]
>>>> Okay, how would I do that?
>>> You'll need to create a local policy module. I'd do it this way:
>>>
>> [instructions snipped]
>
>> Thanks, Paul. I'll consider doing this.
>
>> Is there any easy way to figure out what's connected to the sockets
>> that it's complaining about? I certainly can't find anything via
>> lsof or netstat -a. Most likely because the sockets get closed
>> before I see the audit message and try to track it down.
>
>>> Cheers, Paul.
>> And to you! Thanks.
>
>> -derek
>
> Yes any leaked file descriptors should be reported.
Actually Paul's response is better then mine.
- --
fedora-selinux-list mailing list
fedora-selinux-list at redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkmRjPMACgkQrlYvE4MpobPRbgCfSrn+ZRBBFWYlLZYlUy4wD5w3
bwwAnRA/WWkXDY6eH2eTAz9Ug6J7Hcto
=Ue3T
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list