AVCs with spamd (F10)

Brian Chadwick brian at brianac.com.au
Wed Mar 11 06:17:48 UTC 2009 

Hi,

Fedora 10. A number of AVCs are occurring with my use of spamassassin.

For some spamd seems to want to access /home .. is this right?



Raw Audit Messages           

node=admin.brianac.com.au type=AVC msg=audit(1236681698.7:20): avc:  
denied  { read } for  pid=3148 comm="spamd" name=".razor" dev=sda3 
ino=198361 scontext=system_u:system_r:spamd_t:s0 
tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=dir

node=admin.brianac.com.au type=SYSCALL msg=audit(1236681698.7:20): 
arch=40000003 syscall=5 success=yes exit=9 a0=9bb07c4 a1=98800 a2=2 
a3=927d0d4 items=0 ppid=1 pid=3148 auid=4294967295 uid=0 gid=0 euid=0 
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 
comm="spamd" exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 
key=(null)



Raw Audit Messages           

node=admin.brianac.com.au type=AVC msg=audit(1236681698.7:21): avc:  
denied  { read } for  pid=3148 comm="spamd" 
name="server.c302.cloudmark.com.conf" dev=sda3 ino=198151 
scontext=system_u:system_r:spamd_t:s0 
tcontext=system_u:object_r:admin_home_t:s0 tclass=file

node=admin.brianac.com.au type=SYSCALL msg=audit(1236681698.7:21): 
arch=40000003 syscall=5 success=yes exit=9 a0=9bba88c a1=8000 a2=0 
a3=8000 items=0 ppid=1 pid=3148 auid=4294967295 uid=0 gid=0 euid=0 
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 
comm="spamd" exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 
key=(null)


Raw Audit Messages           

node=admin.brianac.com.au type=AVC msg=audit(1236681697.863:14): avc:  
denied  { append } for  pid=3148 comm="spamd" name="razor-agent.log" 
dev=sda3 ino=199151 scontext=system_u:system_r:spamd_t:s0 
tcontext=system_u:object_r:admin_home_t:s0 tclass=file

node=admin.brianac.com.au type=SYSCALL msg=audit(1236681697.863:14): 
arch=40000003 syscall=5 success=yes exit=8 a0=9bb0f14 a1=8441 a2=1b6 
a3=8441 items=0 ppid=1 pid=3148 auid=4294967295 uid=0 gid=0 euid=0 
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 
comm="spamd" exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 
key=(null)



Raw Audit Messages           

node=admin.brianac.com.au type=AVC msg=audit(1236681697.879:15): avc:  
denied  { ioctl } for  pid=3148 comm="spamd" 
path="/root/.razor/razor-agent.log" dev=sda3 ino=199151 
scontext=system_u:system_r:spamd_t:s0 
tcontext=system_u:object_r:admin_home_t:s0 tclass=file

node=admin.brianac.com.au type=SYSCALL msg=audit(1236681697.879:15): 
arch=40000003 syscall=54 success=no exit=-25 a0=8 a1=5401 a2=bfa0c9d8 
a3=bfa0ca18 items=0 ppid=1 pid=3148 auid=4294967295 uid=0 gid=0 euid=0 
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 
comm="spamd" exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 
key=(null)




Raw Audit Messages           

node=admin.brianac.com.au type=AVC msg=audit(1236681697.985:17): avc:  
denied  { read } for  pid=3148 comm="spamd" name="servers.discovery.lst" 
dev=sda3 ino=198364 scontext=system_u:system_r:spamd_t:s0 
tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file

node=admin.brianac.com.au type=SYSCALL msg=audit(1236681697.985:17): 
arch=40000003 syscall=5 success=yes exit=9 a0=9bb6bec a1=8000 a2=0 
a3=8000 items=0 ppid=1 pid=3148 auid=4294967295 uid=0 gid=0 euid=0 
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 
comm="spamd" exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 
key=(null)



Raw Audit Messages           

node=admin.brianac.com.au type=AVC msg=audit(1236681697.879:16): avc:  
denied  { getattr } for  pid=3148 comm="spamd" 
path="/root/.razor/razor-agent.log" dev=sda3 ino=199151 
scontext=system_u:system_r:spamd_t:s0 
tcontext=system_u:object_r:admin_home_t:s0 tclass=file

node=admin.brianac.com.au type=SYSCALL msg=audit(1236681697.879:16): 
arch=40000003 syscall=197 success=yes exit=0 a0=8 a1=81d6060 a2=7ccff4 
a3=0 items=0 ppid=1 pid=3148 auid=4294967295 uid=0 gid=0 euid=0 suid=0 
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="spamd" 
exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)


Raw Audit Messages           

node=admin.brianac.com.au type=AVC msg=audit(1236681697.986:18): avc:  
denied  { ioctl } for  pid=3148 comm="spamd" 
path="/root/.razor/servers.discovery.lst" dev=sda3 ino=198364 
scontext=system_u:system_r:spamd_t:s0 
tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file

node=admin.brianac.com.au type=SYSCALL msg=audit(1236681697.986:18): 
arch=40000003 syscall=54 success=no exit=-25 a0=9 a1=5401 a2=bfa0c9d8 
a3=bfa0ca18 items=0 ppid=1 pid=3148 auid=4294967295 uid=0 gid=0 euid=0 
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 
comm="spamd" exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 
key=(null)



Raw Audit Messages           

node=admin.brianac.com.au type=AVC msg=audit(1236681697.986:19): avc:  
denied  { getattr } for  pid=3148 comm="spamd" 
path="/root/.razor/servers.discovery.lst" dev=sda3 ino=198364 
scontext=system_u:system_r:spamd_t:s0 
tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file

node=admin.brianac.com.au type=SYSCALL msg=audit(1236681697.986:19): 
arch=40000003 syscall=197 success=yes exit=0 a0=9 a1=81d6060 a2=7ccff4 
a3=0 items=0 ppid=1 pid=3148 auid=4294967295 uid=0 gid=0 euid=0 suid=0 
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="spamd" 
exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)

More information about the fedora-selinux-list mailing list