avc Dead-Letter? Fedora 10

Daniel J Walsh dwalsh at redhat.com
Wed Jan 7 21:04:01 UTC 2009



Paul Howarth wrote:
> On Sun, 04 Jan 2009 14:35:49 -0500
> Daniel J Walsh <dwalsh at redhat.com> wrote:
>> The problem here looks like logwatch did not transition to
>> system_mail_t when running sendmail.
> 
> Funnily enough I've had a similar issue with logrotate not
> transitioning to squid_t on Fedora 10:
> 
> type=AVC msg=audit(1231041733.717:646): avc:  denied  { read } for
> pid=6892 comm="squid" name="squid.conf" dev=dm-6 ino=147637
> scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:squid_conf_t:s0 tclass=file type=SYSCALL
> msg=audit(1231041733.717:646): arch=c000003e syscall=2 success=no
> exit=-13 a0=7f8b4a6bb260 a1=0 a2=1b6 a3=7f8b48be47b0 items=0 ppid=6891
> pid=6892 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
> tty=(none) ses=101 comm="squid" exe="/usr/sbin/squid"
> subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)
> 
> The result of this is the following email when logrotate runs:
> 
> /etc/cron.daily/logrotate:
> 
> 2009/01/04 04:02:13| ALERT: initgroups: unable to set groups for User
> squid and Group 0 FATAL: Unable to open configuration
> file: /etc/squid/squid.conf: (13) Permission denied Squid Cache
> (Version 3.0.STABLE10): Terminated abnormally. CPU Usage: 0.032 seconds
> = 0.009 user + 0.023 sys Maximum Resident Size: 0 KB
> Page faults with physical i/o: 25
> 
> Paul.
Latest policy should have the squid_domtrans back.
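
An added example, not part of the original messages: a small parser that reads the AVC denial quoted above and flags the missed domain transition, where squid runs in logrotate_t instead of squid_t. The `EXPECTED_DOMAIN` table and the function names are assumptions made for this illustration; the sample record is the quoted one rejoined onto a single line.

```python
import re

# Assumption for this example: the domain each daemon should run in, keyed by
# comm. squid_t and system_mail_t are the domains named in the thread.
EXPECTED_DOMAIN = {"squid": "squid_t", "sendmail": "system_mail_t"}

# The AVC record quoted in the thread, rejoined (the e-mail wrapped it).
SAMPLE = (
    'type=AVC msg=audit(1231041733.717:646): avc:  denied  { read } for '
    'pid=6892 comm="squid" name="squid.conf" dev=dm-6 ino=147637 '
    'scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:object_r:squid_conf_t:s0 tclass=file'
)

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type:level; the level itself may contain colons.
    for key in ("scontext", "tcontext"):
        parts = rec.get(key, "").split(":", 3)
        rec[key + "_type"] = parts[2] if len(parts) >= 3 else None
    return rec


def missed_transition(rec):
    """Describe a denial caused by a daemon still running in its caller's domain."""
    expected = EXPECTED_DOMAIN.get(rec.get("comm"))
    actual = rec.get("scontext_type")
    if expected is None or actual == expected:
        return None
    return (f'{rec["comm"]} ran as {actual}, expected {expected}: denied '
            f'{{ {" ".join(rec["perms"])} }} on {rec["tcontext_type"]}:{rec["tclass"]}')


if __name__ == "__main__":
    print(missed_transition(parse_avc(SAMPLE)))
```

A hit from this check points at a missing domain transition rule in the policy rather than at a missing allow rule for the calling domain.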



