postfix, procmail and SELinux - No Go
Marc Schwartz (via MN)
mschwartz at mn.rr.com
Tue Jun 20 18:10:36 UTC 2006
On Tue, 2006-06-20 at 11:27 -0500, Marc Schwartz (via MN) wrote:
> On Tue, 2006-06-20 at 16:59 +0100, Paul Howarth wrote:
> > > BTW, I am now getting the following messages with avclist, since the
> > > loading of the updated policies today:
> > >
> > > type=AVC msg=audit(1150817767.142:753): avc: denied { getattr } for pid=2268 comm="spamd" name="pyzor" dev=hdc7 ino=3140757 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:pyzor_exec_t:s0 tclass=file
> > > type=SYSCALL msg=audit(1150817767.142:753): arch=40000003 syscall=195 success=no exit=-13 a0=a22fb98 a1=92360c8 a2=4891eff4 a3=a22fb98 items=1 pid=2268 auid=4294967295 uid=0 gid=0 euid=500 suid=0 fsuid=500 egid=500 sgid=0 fsgid=500 comm="spamd" exe="/usr/bin/perl"type=AVC_PATH msg=audit(1150817767.142:753): path="/usr/bin/pyzor"
> > > type=CWD msg=audit(1150817767.142:753): cwd="/"
> > > type=PATH msg=audit(1150817767.142:753): item=0 name="/usr/bin/pyzor" flags=1 inode=3140757 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00
> > > type=AVC msg=audit(1150817767.142:754): avc: denied { getattr } for pid=2268 comm="spamd" name="pyzor" dev=hdc7 ino=3140757 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:pyzor_exec_t:s0 tclass=file
> > > type=SYSCALL msg=audit(1150817767.142:754): arch=40000003 syscall=195 success=no exit=-13 a0=a22fb98 a1=92360c8 a2=4891eff4 a3=a22fb98 items=1 pid=2268 auid=4294967295 uid=0 gid=0 euid=500 suid=0 fsuid=500 egid=500 sgid=0 fsgid=500 comm="spamd" exe="/usr/bin/perl"type=AVC_PATH msg=audit(1150817767.142:754): path="/usr/bin/pyzor"
> > > type=CWD msg=audit(1150817767.142:754): cwd="/"
> > > type=PATH msg=audit(1150817767.142:754): item=0 name="/usr/bin/pyzor" flags=1 inode=3140757 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00
> >
> > Is pyzor working though?
> >
> > Maybe these can be dontaudit-ed if that's the case.
>
> As Murphy's Law would dictate, no spam with pyzor hits since updating
> the policies. The two or three that I have had so far, have no hits on
> any of the remote tests.
>
> As soon as I can confirm, I will post back.
>
> Thanks,
>
> Marc
Just to confirm that Pyzor, Razor2 and DCC are indeed working.
So perhaps these msgs can be dontaudit-ed.
Marc
More information about the selinux
mailing list