mount and context translations
by Paul Howarth
I found that fstab entries like these:
/srv/softlib/fedora/stentz/FC4-i386-DVD.iso /srv/softlib/fedora/stentz/dvd iso9660 ro,loop,fscontext=system_u:object_r:public_content_t 0 0
weren't working at boot time but would work if I did "mount -a" (unconfined).
The fix:
policy_module(localmisc, 0.0.2)

require {
    type mount_t;
    type security_t;
}

# Allow mount to do context translations
allow mount_t security_t:dir search;
allow mount_t security_t:file read;
Paul.
17 years, 8 months
package review?
by Michael Thomas
A few packages (game server daemons) that I maintain in Fedora Extras
would benefit from having a selinux security policy available. But
since I'm new to writing selinux policies, I was hoping that someone
from f-s-l could take a peek at what I did and let me know if I've done
things correctly and in the 'recommended' way.
I've already tested the policy on FC5 to make sure that it works and
produces no 'avc denied' messages:
http://www.kobold.org/~wart/fedora/crossfire-1.9.1-2.src.rpm
I wasn't sure exactly which networking rules I would need. Most of the
ones there were generated by policygentool. I also couldn't figure out
why some of the rules at the end of crossfire.te were necessary.
Thanks in advance!
--Mike
17 years, 8 months
Directories for policy module packages
by Paul Howarth
Now that RPM packages are starting to include policy module packages (my
mod_fcgid package was approved for Extras recently:
http://bugzilla.redhat.com/195666), it would be nice to have a standard
place for the .pp files to be dropped, and for that directory to be
owned by the selinux-policy package (so that all the packages don't need
to own it themselves).
I propose the following:
/usr/share/selinux/packages
(container directory, separate from modules bundled with Core package)
/usr/share/selinux/packages/mls
(policy modules for use with the mls base policy)
/usr/share/selinux/packages/strict
(policy modules for use with the strict base policy)
/usr/share/selinux/packages/targeted
(policy modules for use with the targeted base policy)
/usr/share/selinux/packages/share
(policy modules that have no base-specific elements, and can be used
with all base policies)
Paul.
17 years, 8 months
Re: postfix, clamv, amavisd-new, spamassassin
by John Griffiths
I still notice lots of AVCs in the messages log regarding postfix,
clamv, amavisd-new, spamassassin.
I am using selinux-policy-targeted-2.3.2-1.fc5 and
selinux-policy-2.3.2-1.fc5.
In order to get amavisd-new and clamscan to work with these selinux
versions, the booleans for clamscan_disable_trans and
amavis_disable_trans have to be set to on. I have noticed a lot of
traffic on the list regarding postfix, procmail, integration. Maybe the
policies being developed could be expanded upon to take care of the
postfix, amavisd-new, clamv, spamassassin case.
I ran the AVCs through audit2allow and came up with the rules. Here are
the rules followed by the causing AVC:
allow amavis_t clamd_var_run_t:sock_file write;
Jul 26 18:43:18 somehostname kernel: audit(1153953798.370:869):
avc: denied { write } for pid=17186 comm="amavisd"
name="clamd.sock" dev=dm-0 ino=1333000
scontext=root:system_r:amavis_t:s0
tcontext=root:object_r:clamd_var_run_t:s0 tclass=sock_file
allow amavis_t postfix_etc_t:dir search;
Jul 25 16:26:56 somehostname kernel: audit(1153859216.437:772):
avc: denied { search } for pid=4207 comm="amavisd"
name="postfix" dev=dm-0 ino=359267
scontext=root:system_r:amavis_t:s0
tcontext=system_u:object_r:postfix_etc_t:s0 tclass=dir
allow amavis_t razor_port_t:tcp_socket name_connect;
Jul 26 16:42:14 somehostname kernel: audit(1153946534.516:865):
avc: denied { name_connect } for pid=17183 comm="amavisd"
dest=2703 scontext=root:system_r:amavis_t:s0
tcontext=system_u:object_r:razor_port_t:s0 tclass=tcp_socket
allow clamd_t amavis_var_run_t:dir search;
Jul 27 14:31:14 somehostname kernel: audit(1154025074.534:1208):
avc: denied { search } for pid=26308 comm="clamd.amavisd"
name="amavisd" dev=dm-0 ino=1334115
scontext=root:system_r:clamd_t:s0
tcontext=system_u:object_r:amavis_var_run_t:s0 tclass=dir
allow clamd_t sysctl_kernel_t:dir search;
Jul 27 14:31:11 somehostname kernel: audit(1154025071.062:1206):
avc: denied { search } for pid=26307 comm="clamd.amavisd"
scontext=root:system_r:clamd_t:s0
tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
allow clamd_t sysctl_t:dir search;
Jul 27 14:31:11 somehostname kernel: audit(1154025071.062:1207):
avc: denied { search } for pid=26307 comm="clamd.amavisd"
name="sys" dev=proc ino=-268435429
scontext=root:system_r:clamd_t:s0
tcontext=system_u:object_r:sysctl_t:s0 tclass=dir
allow postfix_cleanup_t bin_t:file getattr;
Jul 26 14:10:52 somehostname kernel: audit(1153937452.370:819):
avc: denied { getattr } for pid=15469 comm="sh" name="sleep"
dev=dm-0 ino=1299281
scontext=root:system_r:postfix_cleanup_t:s0-s0:c0.c255
tcontext=system_u:object_r:bin_t:s0 tclass=file
allow postfix_local_t clamd_var_lib_t:dir search;
Jul 26 08:10:16 somehostname kernel: audit(1153915816.342:802):
avc: denied { search } for pid=13112 comm="local"
name="clamav" dev=dm-0 ino=1334110
scontext=root:system_r:postfix_local_t:s0
tcontext=system_u:object_r:clamd_var_lib_t:s0 tclass=dir
allow postfix_map_t nscd_var_run_t:dir search;
Jul 25 11:41:37 somehostname kernel: audit(1153842097.261:264):
avc: denied { search } for pid=8233 comm="postmap"
name="nscd" dev=dm-0 ino=1332052
scontext=root:system_r:postfix_map_t:s0-s0:c0.c255
tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
allow postfix_pickup_t bin_t:file getattr;
Jul 26 14:06:34 somehostname kernel: audit(1153937194.032:816):
avc: denied { getattr } for pid=15411 comm="sh" name="sleep"
dev=dm-0 ino=1299281
scontext=root:system_r:postfix_pickup_t:s0-s0:c0.c255
tcontext=system_u:object_r:bin_t:s0 tclass=file
allow postfix_qmgr_t bin_t:file getattr;
Jul 26 14:06:34 somehostname kernel: audit(1153937194.036:817):
avc: denied { getattr } for pid=15409 comm="sh" name="sleep"
dev=dm-0 ino=1299281
scontext=root:system_r:postfix_qmgr_t:s0-s0:c0.c255
tcontext=system_u:object_r:bin_t:s0 tclass=file
allow postfix_smtpd_t bin_t:file getattr;
Jul 26 14:08:02 somehostname kernel: audit(1153937282.152:818):
avc: denied { getattr } for pid=15433 comm="sh" name="sleep"
dev=dm-0 ino=1299281
scontext=root:system_r:postfix_smtpd_t:s0-s0:c0.c255
tcontext=system_u:object_r:bin_t:s0 tclass=file
allow semanage_t postfix_etc_t:dir search;
Jul 27 14:29:59 somehostname kernel: audit(1154024994.164:1204):
avc: denied { search } for pid=26252 comm="genhomedircon"
name="postfix" dev=dm-0 ino=359267
scontext=root:system_r:semanage_t:s0-s0:c0.c255
tcontext=system_u:object_r:postfix_etc_t:s0 tclass=dir
allow spamd_t postfix_etc_t:dir search;
Jul 27 14:31:21 somehostname kernel: audit(1154025077.106:1430):
avc: denied { search } for pid=26384 comm="spamd"
name="postfix" dev=dm-0 ino=359267
scontext=root:system_r:spamd_t:s0
tcontext=system_u:object_r:postfix_etc_t:s0 tclass=dir
allow spamd_t root_t:dir write;
Jul 27 14:31:21 somehostname kernel: audit(1154025078.575:1431):
avc: denied { write } for pid=26386 comm="spamd" name="/"
dev=dm-0 ino=2 scontext=root:system_r:spamd_t:s0
tcontext=system_u:object_r:root_t:s0 tclass=dir
allow spamd_t user_home_dir_t:dir write;
Jul 27 14:31:21 somehostname kernel: audit(1154025078.575:1432):
avc: denied { write } for pid=26386 comm="spamd" name="root"
dev=dm-0 ino=292321 scontext=root:system_r:spamd_t:s0
tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
The configurations for postfix, amavisd-new, clamv, and spamassassin are
pretty plain vanilla, with the only changes to configuration files being
those necessary for the host and to enable the content filter in postfix
using the modifications outlined in the README.fedora and README.postfix
for amavisd-new.
Regards,
John
17 years, 8 months
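The denial-to-rule mapping listed in the post above, as an added example (not part of the original post and not audit2allow's own code): it derives allow rules from mail-wrapped AVC records in both the syslog and audit.log forms, merges permissions per source/target/class, and writes "self" when both contexts carry the same type. The sample log is partly constructed, and example_t is a hypothetical type.

```python
import re
from collections import defaultdict

# Sample input. The first two records are copied from the post above (syslog
# form, wrapped as in the mail). The remaining audit.log-style records are
# constructed to show merging, `self`, and that granted records are ignored.
SAMPLE_LOG = """\
Jul 26 18:43:18 somehostname kernel: audit(1153953798.370:869):
avc: denied { write } for pid=17186 comm="amavisd"
name="clamd.sock" dev=dm-0 ino=1333000
scontext=root:system_r:amavis_t:s0
tcontext=root:object_r:clamd_var_run_t:s0 tclass=sock_file
Jul 26 14:10:52 somehostname kernel: audit(1153937452.370:819):
avc: denied { getattr } for pid=15469 comm="sh" name="sleep"
dev=dm-0 ino=1299281
scontext=root:system_r:postfix_cleanup_t:s0-s0:c0.c255
tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1000000000.001:1): avc: denied { search } for
pid=100 comm="amavisd" name="postfix"
scontext=root:system_r:amavis_t:s0
tcontext=system_u:object_r:postfix_etc_t:s0 tclass=dir
type=AVC msg=audit(1000000000.002:2): avc: denied { getattr search } for
pid=100 comm="amavisd" name="postfix"
scontext=root:system_r:amavis_t:s0
tcontext=system_u:object_r:postfix_etc_t:s0 tclass=dir
type=AVC msg=audit(1000000000.003:3): avc: denied { dac_override } for
pid=101 comm="example" capability=1
scontext=system_u:system_r:example_t:s0
tcontext=system_u:system_r:example_t:s0 tclass=capability
type=AVC msg=audit(1000000000.004:4): avc: granted { load_policy } for
pid=102 comm="load_policy"
scontext=system_u:system_r:load_policy_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=security
"""

# Matched against the text that follows "avc:", so one record cannot borrow
# contexts from the next one even when lines are wrapped.
DENIAL = re.compile(
    r"denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<cls>\S+)",
    re.DOTALL)


def selinux_type(context):
    """Return the type: third colon-separated field of user:role:type[:level]."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("not a security context: %r" % context)
    return parts[2]


def allow_rules(log_text):
    """Return sorted, de-duplicated allow rules for every denied AVC record."""
    merged = defaultdict(set)
    for chunk in re.split(r"avc:\s+", log_text)[1:]:
        m = DENIAL.match(chunk)
        if not m:  # granted records and truncated denials are skipped
            continue
        src, tgt = selinux_type(m["scon"]), selinux_type(m["tcon"])
        if tgt == src:
            tgt = "self"
        merged[(src, tgt, m["cls"])].update(m["perms"].split())
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        names = sorted(perms)
        body = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules


if __name__ == "__main__":
    print("\n".join(allow_rules(SAMPLE_LOG)))
```

Each generated rule grants exactly what was denied, so the list is a starting point for review: a rule such as the post's "allow spamd_t root_t:dir write;" is worth checking for a labelling or configuration cause before it is loaded.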
firefox policy 2
by Peter Pun
Hi All,
Is there a way to specify in a policy that files created by firefox are
automatically labelled as a particular type? When a user starts up firefox
for the first time, it creates the .mozilla dir. How can that .mozilla
dir and its contents be automatically labeled? Or should I write a "make-new
user" script that somehow starts a gnome-session for him, runs firefox and
then labels the .mozilla dir?
Peter
17 years, 8 months
20060726 rawhide setroubleshoot error
by Jay Cliburn
From /var/log/messages
Jul 26 08:50:05 osprey setroubleshoot: 2006-07-26 08:50:05,204
[avc.ERROR] Type exception plugins.default: iterable argument required
Traceback (most recent call last): File
"/usr/lib/audit/setroubleshoot_dispatcher", line 28, in run
if plugin.analyze(avc): File
"/usr/share/setroubleshoot/plugins/default.py", line 45, in analyze
if "path" in avc: TypeError: iterable argument required
[root@osprey ~]# rpm -q setroubleshoot audit
setroubleshoot-0.14-1
audit-1.2.5-4
The odd thing is, I've disabled setroubleshoot from running at boot.
[root@osprey ~]# chkconfig --list | grep setroubleshoot
setroubleshoot 0:off 1:off 2:off 3:off 4:off 5:off 6:off
17 years, 8 months
setroubleshoot...neat popup!
by Tom London
Wow... Got neat popup and icon in notification area! Cool.
Message may be a bit misleading, though. The following yielded a
message about not being able to load a new policy, and that I should
change secure_mode_policyload to 0 (it already is).
Messages generated during yumex update of today's packages.
tom
type=AVC msg=audit(1153835929.352:30): avc: granted { load_policy }
for pid=3362 comm="load_policy"
scontext=system_u:system_r:load_policy_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=security
type=MAC_POLICY_LOAD msg=audit(1153835929.352:30): policy loaded auid=500
type=SYSCALL msg=audit(1153835929.352:30): arch=40000003 syscall=4
success=yes exit=892854 a0=4 a1=b7e16000 a2=d9fb6 a3=bfc9fe48 items=0
ppid=3361 pid=3362 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts0 comm="load_policy" exe="/usr/sbin/load_policy"
subj=system_u:system_r:load_policy_t:s0 key=(null)
type=AVC msg=audit(1153835929.528:31): avc: denied { dac_override }
for pid=1947 comm="python" capability=1
scontext=system_u:system_r:setroubleshoot_t:s0
tcontext=system_u:system_r:setroubleshoot_t:s0 tclass=capability
type=SYSCALL msg=audit(1153835929.528:31): arch=40000003 syscall=33
success=no exit=-13 a0=9aa1848 a1=2 a2=966a64 a3=0 items=1 ppid=1886
pid=1947 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="python" exe="/usr/bin/python"
subj=system_u:system_r:setroubleshoot_t:s0 key=(null)
type=CWD msg=audit(1153835929.528:31): cwd="/"
type=PATH msg=audit(1153835929.528:31): item=0 name="/var/lib/rpm"
inode=2785283 dev=fd:00 mode=040755 ouid=37 ogid=37 rdev=00:00
obj=system_u:object_r:rpm_var_lib_t:s0
type=AVC msg=audit(1153835929.532:32): avc: denied { dac_override }
for pid=1947 comm="python" capability=1
scontext=system_u:system_r:setroubleshoot_t:s0
tcontext=system_u:system_r:setroubleshoot_t:s0 tclass=capability
type=SYSCALL msg=audit(1153835929.532:32): arch=40000003 syscall=33
success=no exit=-13 a0=9ad4a38 a1=2 a2=966a64 a3=0 items=1 ppid=1886
pid=1947 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="python" exe="/usr/bin/python"
subj=system_u:system_r:setroubleshoot_t:s0 key=(null)
type=CWD msg=audit(1153835929.532:32): cwd="/"
type=PATH msg=audit(1153835929.532:32): item=0 name="/var/lib/rpm"
inode=2785283 dev=fd:00 mode=040755 ouid=37 ogid=37 rdev=00:00
obj=system_u:object_r:rpm_var_lib_t:s0
type=AVC msg=audit(1153835929.540:33): avc: granted { load_policy }
for pid=3362 comm="load_policy"
scontext=system_u:system_r:load_policy_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=security
type=SYSCALL msg=audit(1153835929.540:33): arch=40000003 syscall=4
success=yes exit=2 a0=4 a1=bfca0f16 a2=2 a3=0 items=0 ppid=3361
pid=3362 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=pts0 comm="load_policy" exe="/usr/sbin/load_policy"
subj=system_u:system_r:load_policy_t:s0 key=(null)
type=AVC msg=audit(1153835931.544:34): avc: denied { dac_override }
for pid=1947 comm="python" capability=1
scontext=system_u:system_r:setroubleshoot_t:s0
tcontext=system_u:system_r:setroubleshoot_t:s0 tclass=capability
type=SYSCALL msg=audit(1153835931.544:34): arch=40000003 syscall=33
success=no exit=-13 a0=9aa5470 a1=2 a2=966a64 a3=0 items=1 ppid=1886
pid=1947 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="python" exe="/usr/bin/python"
subj=system_u:system_r:setroubleshoot_t:s0 key=(null)
type=CWD msg=audit(1153835931.544:34): cwd="/"
type=PATH msg=audit(1153835931.544:34): item=0 name="/var/lib/rpm"
inode=2785283 dev=fd:00 mode=040755 ouid=37 ogid=37 rdev=00:00
obj=system_u:object_r:rpm_var_lib_t:s0
type=AVC msg=audit(1153835931.544:35): avc: denied { dac_override }
for pid=1947 comm="python" capability=1
scontext=system_u:system_r:setroubleshoot_t:s0
tcontext=system_u:system_r:setroubleshoot_t:s0 tclass=capability
type=SYSCALL msg=audit(1153835931.544:35): arch=40000003 syscall=33
success=no exit=-13 a0=9a91000 a1=2 a2=966a64 a3=0 items=1 ppid=1886
pid=1947 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="python" exe="/usr/bin/python"
subj=system_u:system_r:setroubleshoot_t:s0 key=(null)
type=CWD msg=audit(1153835931.544:35): cwd="/"
type=PATH msg=audit(1153835931.544:35): item=0 name="/var/lib/rpm"
inode=2785283 dev=fd:00 mode=040755 ouid=37 ogid=37 rdev=00:00
obj=system_u:object_r:rpm_var_lib_t:s0
type=AVC msg=audit(1153835931.552:36): avc: denied { dac_override }
for pid=1947 comm="python" capability=1
scontext=system_u:system_r:setroubleshoot_t:s0
tcontext=system_u:system_r:setroubleshoot_t:s0 tclass=capability
type=SYSCALL msg=audit(1153835931.552:36): arch=40000003 syscall=33
success=no exit=-13 a0=9aa14d0 a1=2 a2=966a64 a3=0 items=1 ppid=1886
pid=1947 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="python" exe="/usr/bin/python"
subj=system_u:system_r:setroubleshoot_t:s0 key=(null)
type=CWD msg=audit(1153835931.552:36): cwd="/"
type=PATH msg=audit(1153835931.552:36): item=0 name="/var/lib/rpm"
inode=2785283 dev=fd:00 mode=040755 ouid=37 ogid=37 rdev=00:00
obj=system_u:object_r:rpm_var_lib_t:s0
type=AVC msg=audit(1153835931.552:37): avc: denied { dac_override }
for pid=1947 comm="python" capability=1
scontext=system_u:system_r:setroubleshoot_t:s0
tcontext=system_u:system_r:setroubleshoot_t:s0 tclass=capability
type=SYSCALL msg=audit(1153835931.552:37): arch=40000003 syscall=33
success=no exit=-13 a0=9aea538 a1=2 a2=966a64 a3=0 items=1 ppid=1886
pid=1947 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="python" exe="/usr/bin/python"
subj=system_u:system_r:setroubleshoot_t:s0 key=(null)
type=CWD msg=audit(1153835931.552:37): cwd="/"
type=PATH msg=audit(1153835931.552:37): item=0 name="/var/lib/rpm"
inode=2785283 dev=fd:00 mode=040755 ouid=37 ogid=37 rdev=00:00
obj=system_u:object_r:rpm_var_lib_t:s0
--
Tom London
17 years, 8 months
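An added example (not part of the original post and not setroubleshoot's code) that groups audit records by their shared audit(timestamp:serial) id, which is what ties the AVC, SYSCALL and PATH lines in the log above into one event. The sample is abridged from that log; run on it, the granted load_policy event and the denied dac_override events on /var/lib/rpm come out as different executables and domains.

```python
import re
from collections import Counter, defaultdict

# Sample input: events 30-32 from the post above, abridged (some SYSCALL and
# PATH fields dropped, CWD and MAC_POLICY_LOAD records omitted), mail wrapping kept.
SAMPLE = """\
type=AVC msg=audit(1153835929.352:30): avc: granted { load_policy }
for pid=3362 comm="load_policy"
scontext=system_u:system_r:load_policy_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=security
type=SYSCALL msg=audit(1153835929.352:30): arch=40000003 syscall=4
success=yes exit=892854 pid=3362 comm="load_policy"
exe="/usr/sbin/load_policy"
type=AVC msg=audit(1153835929.528:31): avc: denied { dac_override }
for pid=1947 comm="python" capability=1
scontext=system_u:system_r:setroubleshoot_t:s0
tcontext=system_u:system_r:setroubleshoot_t:s0 tclass=capability
type=SYSCALL msg=audit(1153835929.528:31): arch=40000003 syscall=33
success=no exit=-13 pid=1947 comm="python" exe="/usr/bin/python"
type=PATH msg=audit(1153835929.528:31): item=0 name="/var/lib/rpm"
obj=system_u:object_r:rpm_var_lib_t:s0
type=AVC msg=audit(1153835929.532:32): avc: denied { dac_override }
for pid=1947 comm="python" capability=1
scontext=system_u:system_r:setroubleshoot_t:s0
tcontext=system_u:system_r:setroubleshoot_t:s0 tclass=capability
type=SYSCALL msg=audit(1153835929.532:32): arch=40000003 syscall=33
success=no exit=-13 pid=1947 comm="python" exe="/usr/bin/python"
type=PATH msg=audit(1153835929.532:32): item=0 name="/var/lib/rpm"
obj=system_u:object_r:rpm_var_lib_t:s0
"""

REC_START = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+:\d+)\):")
AVC = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def correlate(text):
    """Group records that share one audit(timestamp:serial) id into events."""
    events = defaultdict(lambda: {"avc": [], "exe": None, "paths": []})
    starts = list(REC_START.finditer(text))
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        body = " ".join(text[m.end():end].split())  # undo the mail wrapping
        kv = {k: v.strip('"') for k, v in FIELD.findall(body)}
        event = events[m.group(2)]
        if m.group(1) == "AVC":
            a = AVC.search(body)
            if a and "scontext" in kv and "tclass" in kv:
                domain = kv["scontext"].split(":")[2]
                event["avc"].append(
                    (a.group(1), a.group(2).split(), domain, kv["tclass"]))
        elif m.group(1) == "SYSCALL":
            event["exe"] = kv.get("exe")
        elif m.group(1) == "PATH":
            event["paths"].append(kv.get("name"))
    return dict(events)


def summarize(text):
    """Count identical (result, domain, class, perm, exe, path) tuples."""
    counts = Counter()
    for event in correlate(text).values():
        for result, perms, domain, tclass in event["avc"]:
            for perm in perms:
                for path in event["paths"] or [None]:
                    key = (result, domain, tclass, perm, event["exe"], path)
                    counts[key] += 1
    return counts


if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items(), key=repr):
        print(n, *key)
```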
problems with latest mls policy
by Stefan
Hi,
since an update of the mls came out I have a problem loading a policy
which worked correctly before the update.
[data.te]
policy_module(data,1.0.2)
gen_require(`
    type user_t, staff_t, smbd_t, snmpd_t;
')
type data_t;
files_type(data_t);
allow user_t data_t:dir { getattr read };
allow user_t data_t:file { getattr read };
allow staff_t data_t:dir { create rmdir rw_dir_perms setattr };
allow staff_t data_t:file { create rename rw_file_perms setattr unlink };
allow staff_t data_t:lnk_file { create rw_file_perms };
allow smbd_t data_t:dir { add_name create getattr read remove_name rename rmdir search setattr write };
allow smbd_t data_t:file { create getattr lock read rename setattr unlink write };
allow snmpd_t data_t:dir getattr;
[data.fc]
/data(/.*)? gen_context(system_u:object_r:data_t,s0)
When I try to load the module (semodule -i data.pp) I get the
following error message:
libsepol.permission_copy_callback: Module data depends on permission
setkeycreate in class process, not satisfied
libsemanage.semanage_link_sandbox: Link packages failed
semodule: Failed!
I don't know what the error has to say. Any suggestions?
ciao, Stefan
PS: rpm -qa selinux-policy-mls
selinux-policy-mls-2.3.2-1.fc5
17 years, 8 months
SELinux and spamass-milter
by Lutfi
It looks like an SELinux problem here. Cannot handle spamass-milter from Fedora
Extras. Any help?
Here are the maillog and audit.log logs:
==== /var/log/maillog
Jul 24 08:58:31 beta spamd[2358]: spamd: connection from beta.rg.co.id
[127.0.0.1] at port 39319
Jul 24 08:58:31 beta spamd[2358]: spamd: setuid to mail succeeded
Jul 24 08:58:31 beta spamd[2358]: spamd: creating default_prefs:
/var/spool/mail/.spamassassin/user_prefs
Jul 24 08:58:31 beta spamd[2358]: mkdir
/var/run/spamass-milter/.spamassassin: Permission denied at
/usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1486
Jul 24 08:58:31 beta spamd[2358]: config: cannot write to
/var/spool/mail/.spamassassin/user_prefs: Permission denied
Jul 24 08:58:31 beta spamd[2358]: spamd: failed to create readable
default_prefs: /var/spool/mail/.spamassassin/user_prefs
Jul 24 08:58:31 beta spamd[2358]: spamd: processing message
<008b01c6ad38$52a114e0$c000a8c0(a)rbrana.co.id> for mail:8
Jul 24 08:58:36 beta spamd[2358]: locker: safe_lock: cannot create tmp
lockfile
/var/spool/mail/.spamassassin/auto-whitelist.lock.beta.rg.co.id.2358 for
/var/spool/mail/.spamassassin/auto-whitelist.lock: Permission denied
Jul 24 08:58:36 beta spamd[2358]: auto-whitelist: open of auto-whitelist
file failed: locker: safe_lock: cannot create tmp lockfile
/var/spool/mail/.spamassassin/auto-whitelist.lock.beta.rg.co.id.2358 for
/var/spool/mail/.spamassassin/auto-whitelist.lock: Permission denied
Jul 24 08:58:36 beta spamd[2358]: bayes: locker: safe_lock: cannot
create tmp lockfile
/var/spool/mail/.spamassassin/bayes.lock.beta.rg.co.id.2358 for
/var/spool/mail/.spamassassin/bayes.lock: Permission denied
Jul 24 08:58:36 beta spamd[2358]: spamd: clean message (-0.6/5.0) for
mail:8 in 4.7 seconds, 21826 bytes.
Jul 24 08:58:36 beta spamd[2358]: spamd: result: . 0 -
ADVANCE_FEE_1,ALL_TRUSTED,HTML_MESSAGE,INFO_TLD
scantime=4.7,size=21826,user=mail,uid=8,required_score=5.0,rhost=beta.rg.co.id,raddr=127.0.0.1,rport=39319,mid=<008b01c6ad38$52a114e0$c000a8c0(a)rbrana.co.id>,autolearn=failed
Jul 24 08:59:55 beta spamd[2358]: spamd: connection from beta.rg.co.id
[127.0.0.1] at port 39352
Jul 24 08:59:55 beta spamd[2358]: spamd: setuid to mail succeeded
Jul 24 08:59:55 beta spamd[2358]: spamd: creating default_prefs:
/var/spool/mail/.spamassassin/user_prefs
Jul 24 08:59:55 beta spamd[2358]: config: cannot write to
/var/spool/mail/.spamassassin/user_prefs: Permission denied
Jul 24 08:59:55 beta spamd[2358]: spamd: failed to create readable
default_prefs: /var/spool/mail/.spamassassin/user_prefs
Jul 24 08:59:55 beta spamd[2358]: spamd: processing message
<200607220320.k6M3JtH9002594(a)sigma.rbrana.co.id> for mail:8
Jul 24 09:00:00 beta spamd[2358]: locker: safe_lock: cannot create tmp
lockfile
/var/spool/mail/.spamassassin/auto-whitelist.lock.beta.rg.co.id.2358 for
/var/spool/mail/.spamassassin/auto-whitelist.lock: Permission denied
Jul 24 09:00:00 beta spamd[2358]: auto-whitelist: open of auto-whitelist
file failed: locker: safe_lock: cannot create tmp lockfile
/var/spool/mail/.spamassassin/auto-whitelist.lock.beta.rg.co.id.2358 for
/var/spool/mail/.spamassassin/auto-whitelist.lock: Permission denied
Jul 24 09:00:00 beta spamd[2358]: bayes: locker: safe_lock: cannot
create tmp lockfile
/var/spool/mail/.spamassassin/bayes.lock.beta.rg.co.id.2358 for
/var/spool/mail/.spamassassin/bayes.lock: Permission denied
Jul 24 09:00:00 beta spamd[2358]: spamd: clean message (-0.6/5.0) for
mail:8 in 4.9 seconds, 40771 bytes.
Jul 24 09:00:00 beta spamd[2358]: spamd: result: . 0 -
ADVANCE_FEE_1,ALL_TRUSTED,HTML_MESSAGE,INFO_TLD
scantime=4.9,size=40771,user=mail,uid=8,required_score=5.0,rhost=beta.rg.co.id,raddr=127.0.0.1,rport=39352,mid=<200607220320.k6M3JtH9002594(a)sigma.rbrana.co.id>,autolearn=failed
==== /var/log/audit/audit.log
type=AVC msg=audit(1153706398.439:33430): avc: denied { getattr } for
pid=2358 comm="spamd" name="servers.catalogue.lst" dev=dm-0 ino=8800183
scontext=system_u:system_r:spamd_t:s0
tcontext=root:object_r:mail_spool_t:s0 tclass=file
type=SYSCALL msg=audit(1153706398.439:33430): arch=40000003 syscall=195
success=no exit=-13 a0=9d931f0 a1=8c570c8 a2=c18ff4 a3=9d931f0 items=1
pid=2358 auid=4294967295 uid=0 gid=0 euid=8 suid=0 fsuid=8 egid=12
sgid=0 fsgid=12 tty=(none) comm="spamd" exe="/usr/bin/perl"
subj=system_u:system_r:spamd_t:s0
type=AVC_PATH msg=audit(1153706398.439:33430):
path="/var/spool/mail/.razor/servers.catalogue.lst"
type=CWD msg=audit(1153706398.439:33430): cwd="/"
type=PATH msg=audit(1153706398.439:33430): item=0
name="/var/spool/mail/.razor/servers.catalogue.lst" inode=8800183
dev=fd:00 mode=0100644 ouid=8 ogid=12 rdev=00:00
obj=root:object_r:mail_spool_t:s0
type=AVC msg=audit(1153706398.443:33431): avc: denied { getattr } for
pid=2358 comm="spamd" name="servers.catalogue.lst" dev=dm-0 ino=8800183
scontext=system_u:system_r:spamd_t:s0
tcontext=root:object_r:mail_spool_t:s0 tclass=file
type=SYSCALL msg=audit(1153706398.443:33431): arch=40000003 syscall=195
success=no exit=-13 a0=9d931f0 a1=8c570c8 a2=c18ff4 a3=9d931f0 items=1
pid=2358 auid=4294967295 uid=0 gid=0 euid=8 suid=0 fsuid=8 egid=12
sgid=0 fsgid=12 tty=(none) comm="spamd" exe="/usr/bin/perl"
subj=system_u:system_r:spamd_t:s0
type=AVC_PATH msg=audit(1153706398.443:33431):
path="/var/spool/mail/.razor/servers.catalogue.lst"
type=CWD msg=audit(1153706398.443:33431): cwd="/"
type=PATH msg=audit(1153706398.443:33431): item=0
name="/var/spool/mail/.razor/servers.catalogue.lst" inode=8800183
dev=fd:00 mode=0100644 ouid=8 ogid=12 rdev=00:00
obj=root:object_r:mail_spool_t:s0
type=AVC msg=audit(1153706399.375:33432): avc: denied { write } for
pid=2358 comm="spamd" name=".razor" dev=dm-0 ino=8800180
scontext=system_u:system_r:spamd_t:s0
tcontext=root:object_r:mail_spool_t:s0 tclass=dir
type=SYSCALL msg=audit(1153706399.375:33432): arch=40000003 syscall=5
success=no exit=-13 a0=a928610 a1=8241 a2=1b6 a3=8241 items=1 pid=2358
auid=4294967295 uid=0 gid=0 euid=8 suid=0 fsuid=8 egid=12 sgid=0
fsgid=12 tty=(none) comm="spamd" exe="/usr/bin/perl"
subj=system_u:system_r:spamd_t:s0
type=CWD msg=audit(1153706399.375:33432): cwd="/"
type=PATH msg=audit(1153706399.375:33432): item=0
name="/var/spool/mail/.razor/servers.catalogue.lst.lock" parent=8800180
dev=fd:00 mode=040755 ouid=8 ogid=12 rdev=00:00
obj=root:object_r:mail_spool_t:s0
type=AVC msg=audit(1153706399.375:33433): avc: denied { write } for
pid=2358 comm="spamd" name=".razor" dev=dm-0 ino=8800180
scontext=system_u:system_r:spamd_t:s0
tcontext=root:object_r:mail_spool_t:s0 tclass=dir
type=SYSCALL msg=audit(1153706399.375:33433): arch=40000003 syscall=5
success=no exit=-13 a0=a9285d8 a1=8241 a2=1b6 a3=8241 items=1 pid=2358
auid=4294967295 uid=0 gid=0 euid=8 suid=0 fsuid=8 egid=12 sgid=0
fsgid=12 tty=(none) comm="spamd" exe="/usr/bin/perl"
subj=system_u:system_r:spamd_t:s0
type=CWD msg=audit(1153706399.375:33433): cwd="/"
type=PATH msg=audit(1153706399.375:33433): item=0
name="/var/spool/mail/.razor/servers.nomination.lst.lock" parent=8800180
dev=fd:00 mode=040755 ouid=8 ogid=12 rdev=00:00
obj=root:object_r:mail_spool_t:s0
type=AVC msg=audit(1153706400.439:33434): avc: denied { write } for
pid=2358 comm="spamd" name=".spamassassin" dev=dm-0 ino=7767101
scontext=system_u:system_r:spamd_t:s0
tcontext=root:object_r:mail_spool_t:s0 tclass=dir
type=SYSCALL msg=audit(1153706400.439:33434): arch=40000003 syscall=5
success=no exit=-13 a0=a884720 a1=8241 a2=1b6 a3=8241 items=1 pid=2358
auid=4294967295 uid=0 gid=0 euid=8 suid=0 fsuid=8 egid=12 sgid=0
fsgid=12 tty=(none) comm="spamd" exe="/usr/bin/perl"
subj=system_u:system_r:spamd_t:s0
type=CWD msg=audit(1153706400.439:33434): cwd="/"
type=PATH msg=audit(1153706400.439:33434): item=0
name="/var/spool/mail/.spamassassin/auto-whitelist.lock.beta.rg.co.id.2358"
parent=7767101 dev=fd:00 mode=040700 ouid=8 ogid=12 rdev=00:00
obj=root:object_r:mail_spool_t:s0
type=AVC msg=audit(1153706400.463:33435): avc: denied { getattr } for
pid=2358 comm="spamd" name="bayes_toks" dev=dm-0 ino=7767186
scontext=system_u:system_r:spamd_t:s0
tcontext=root:object_r:mail_spool_t:s0 tclass=file
type=SYSCALL msg=audit(1153706400.463:33435): arch=40000003 syscall=195
success=no exit=-13 a0=9d931f0 a1=8c570c8 a2=c18ff4 a3=9d931f0 items=1
pid=2358 auid=4294967295 uid=0 gid=0 euid=8 suid=0 fsuid=8 egid=12
sgid=0 fsgid=12 tty=(none) comm="spamd" exe="/usr/bin/perl"
subj=system_u:system_r:spamd_t:s0
type=AVC_PATH msg=audit(1153706400.463:33435):
path="/var/spool/mail/.spamassassin/bayes_toks"
type=CWD msg=audit(1153706400.463:33435): cwd="/"
type=PATH msg=audit(1153706400.463:33435): item=0
name="/var/spool/mail/.spamassassin/bayes_toks" inode=7767186 dev=fd:00
mode=0100600 ouid=8 ogid=12 rdev=00:00 obj=root:object_r:mail_spool_t:s0
type=AVC msg=audit(1153706400.463:33436): avc: denied { write } for
pid=2358 comm="spamd" name=".spamassassin" dev=dm-0 ino=7767101
scontext=system_u:system_r:spamd_t:s0
tcontext=root:object_r:mail_spool_t:s0 tclass=dir
type=SYSCALL msg=audit(1153706400.463:33436): arch=40000003 syscall=5
success=no exit=-13 a0=a79f970 a1=8241 a2=1b6 a3=8241 items=1 pid=2358
auid=4294967295 uid=0 gid=0 euid=8 suid=0 fsuid=8 egid=12 sgid=0
fsgid=12 tty=(none) comm="spamd" exe="/usr/bin/perl"
subj=system_u:system_r:spamd_t:s0
type=CWD msg=audit(1153706400.463:33436): cwd="/"
type=PATH msg=audit(1153706400.463:33436): item=0
name="/var/spool/mail/.spamassassin/bayes.lock.beta.rg.co.id.2358"
parent=7767101 dev=fd:00 mode=040700 ouid=8 ogid=12 rdev=00:00
obj=root:object_r:mail_spool_t:s0
17 years, 8 months