[clueless-user]Should I ignore or report this avc denial?
by Sergio
Hello.
For quite some time I have this avc denial at boot time:
f17 kernel: [ 24.589672] type=1400 audit(1348484525.104:4): avc: denied { mmap_zero } for pid=449 comm="vbetool" scontext=system_u:system_r:vbetool_t:s0-s0:c0.c1023 tcontext=system_u:system_r:vbetool_t:s0-s0:c0.c1023 tclass=memprotect
I know it's for vbetool but it comes right after the video driver module is loaded (don't know if it makes sense).
Should I leave it alone? Should I report to selinux-policy-targeted as a bug? Or maybe create some policy to work around that?
Thank you.
10 years, 6 months
- 4
- 8
Configuring Setroubleshhot
by Arthur Dent
Hello all,
I have just had a weird email indicating that my server is spamming.
This resulted from my attempt to get setroubleshoot to send email
notifications.
I don't really understand how this happened, and I keep looking at the
headers wondering exactly what went on...
This is the message I received:
================================8<=====================================
The original message was received at Sat, 29 Sep 2012 17:18:17 +0100
from localhost [127.0.0.1]
with id q8TGIHxg001451
----- The following addresses had permanent fatal errors -----
<root(a)localhost.localdomain>
(reason: 554 5.7.1 Service unavailable; Client host [82.43.145.228] blocked using ix.dnsbl.manitu.net; Your e...2 13:01:07 +0200. Your admin should visit http://www.dnsbl.manitu.net/lookup.php?value=82.43.145.228)
----- Transcript of session follows -----
... while talking to el-tio.edelhost.de.:
>>> DATA
<<< 554 5.7.1 Service unavailable; Client host [82.43.145.228] blocked using ix.dnsbl.manitu.net; Your e-mail service was detected by el-tio.edelhost.de (NiX Spam) as spamming at Sat, 29 Sep 2012 13:01:07 +0200. Your admin should visit http://www.dnsbl.manitu.net/lookup.php?value=82.43.145.228
554 5.0.0 Service unavailable
<<< 554 5.5.1 Error: no valid recipients
550 5.1.1 <SELinux_Troubleshoot(a)mydomain.org>... User unknown
================================8<=====================================
These are the headers for that email. As far as I can tell the email
never left my server.
================================8<=====================================
Return-path: <MAILER-DAEMON(a)mydomain.org>
X-spam-checker-version: SpamAssassin 3.3.2 (2011-06-06) on mydomain.org
X-spam-level:
X-spam-status: No, score=-0.3 required=5.0 tests=BAYES_00,NO_RELAYS, T_TVD_MIME_NO_HEADERS,URIBL_WS_SURBL autolearn=no version=3.3.2
Received: from localhost (localhost) by mydomain.org (8.14.5/8.14.5) id q8TGIJxg001453; Sat, 29 Sep 2012 17:18:19 +0100
Date: Sat, 29 Sep 2012 17:18:19 +0100
From: Mail Delivery Subsystem <MAILER-DAEMON(a)mydomain.org>
Message-id: <201209291618.q8TGIJxg001453(a)mydomain.org>
To: postmaster(a)mydomain.org
Mime-version: 1.0
Content-type: multipart/report; report-type=delivery-status; boundary="q8TGIJxg001453.1348935499/mydomain.org"
Subject: Postmaster notify: see transcript for details
Auto-submitted: auto-generated (postmaster-notification)
X-evolution-source: 1292576305.15554.21(a)localhost.localdomain
================================8<=====================================
This was attached. I do not understand how this came about:
================================8<=====================================
Reporting-MTA: dns; mydomain.org
Received-From-MTA: DNS; localhost
Arrival-Date: Sat, 29 Sep 2012 17:18:17 +0100
Final-Recipient: RFC822; root(a)localhost.localdomain.org
Action: failed
Status: 5.7.1
Remote-MTA: DNS; el-tio.edelhost.de
Diagnostic-Code: SMTP; 554 5.7.1 Service unavailable; Client host [82.43.145.228] blocked using ix.dnsbl.manitu.net; Your e-mail service was detected by el-tio.edelhost.de (NiX Spam) as spamming at Sat, 29 Sep 2012 13:01:07 +0200. Your admin should visit http://www.dnsbl.manitu.net/lookup.php?value=82.43.145.228
Last-Attempt-Date: Sat, 29 Sep 2012 17:18:19 +0100
================================8<=====================================
And the actual mail was a standard setroubleshoot report detailing an
AVC.
I admit I probably do not have this set up right, but I don't know what
I have done wrong.
In /var/lib/setroubleshoot/email_alert_recipients I have simply:
root(a)localhost.localdomain filter_type=after_first
Note that there is no ".org" after that.
I have not touched /etc/setroubleshoot/setroubleshoot.conf at all.
What do I have to do to fix this?
Thanks...
Mark
10 years, 6 months
- 2
- 3