On Tuesday 29 November 2005 at 15:01 -0500, Daniel J Walsh wrote:
Nicolas Mailhot wrote:
> The udev denial seems fixed with selinux-policy-targeted-2.0.6-1. So
> things get (slowly) fixed. But most issues are still there:
>
> audit2allow < /var/log/audit/audit.log
> allow dovecot_auth_t var_lib_t:dir search;
> allow system_chkpwd_t devpts_t:chr_file { read write };
> allow procmail_t spamd_port_t:tcp_socket name_connect;
> allow updfstab_t tmpfs_t:dir getattr;
> allow dovecot_auth_t etc_runtime_t:file read;
> allow spamd_t port_t:udp_socket name_bind;
> (this bit is the spamassassin resolver issue Steven Stern just reported
> for FC4. It was briefly fixed in Rawhide, then regressed to broken stage
> with the 2.x policy change)
>
> (generated on a clean fully relabeled system after 3 min of activity)
>
> That's almost the same list I had with selinux-policy-targeted-2.0.0

selinux-policy-2.0.6-2 should fix most of those.

This one is much better, right. I had to work a little harder to fill my
AVC quota. Now I only get:
# audit2allow < /var/log/audit/audit.log | sort
allow dovecot_auth_t var_auth_t:dir write;
(on-the-fly pam_abl database creation failure, strangely works fine from
ssh)
allow saslauthd_t self:capability setuid;
(should saslauthd be allowed setuid?)
allow saslauthd_t var_auth_t:dir search;
(more pam_abl stuff)
allow spamd_t port_t:udp_socket name_bind;
Probably related to one of those :
Nov 29 22:08:11 rousalka spamd[2382]: Error creating a DNS resolver
socket: Permission non accordée
at /usr/lib/perl5/vendor_perl/5.8.7/Mail/SpamAssassin/DnsResolver.pm
line 202, <GEN5> line 120.
Nov 29 22:08:11 rousalka spamd[2382]: spamd: Error creating a DNS
resolver socket: Permission non accordée
at /usr/lib/perl5/vendor_perl/5.8.7/Mail/SpamAssassin/DnsResolver.pm
line 202, <GEN5> line 120.
Nov 29 22:09:38 rousalka spamd[2382]: spamd: connection from
localhost.localdomain [127.0.0.1] at port 50657
Nov 29 22:09:38 rousalka spamd[2382]: spamd: setuid to nim succeeded
Nov 29 22:09:38 rousalka spamd[2382]: spamd: creating
default_prefs: /home/nim/.spamassassin/user_prefs
Nov 29 22:09:38 rousalka spamd[2382]: mkdir /home/nim: Le fichier
existe. at /usr/lib/perl5/vendor_perl/5.8.7/Mail/SpamAssassin.pm line
1467
Nov 29 22:09:38 rousalka spamd[2382]: config: cannot write
to /home/nim/.spamassassin/user_prefs: Permission non accordée
Nov 29 22:09:38 rousalka spamd[2382]: spamd: failed to create readable
default_prefs: /home/nim/.spamassassin/user_prefs
Nov 29 22:09:38 rousalka spamd[2382]: mkdir /home/nim: Le fichier
existe. at /usr/lib/perl5/vendor_perl/5.8.7/Mail/SpamAssassin.pm line
1467
Nov 29 22:09:38 rousalka spamd[2382]: spamd: checking message
<1133298570.3426.4.camel(a)rousalka.dyndns.org> for nim:500
Nov 29 22:09:38 rousalka spamd[2382]: internal error
Nov 29 22:09:38 rousalka spamd[2382]: pyzor: check failed: internal
error
Nov 29 22:09:38 rousalka spamd[2382]: mkdir /home/nim: Le fichier
existe. at /usr/lib/perl5/vendor_perl/5.8.7/Mail/SpamAssassin.pm line
1467
Nov 29 22:09:38 rousalka spamd[2382]: locker: safe_lock: cannot create
tmp
lockfile /home/nim/.spamassassin/auto-whitelist.lock.rousalka.dyndns.org.2382 for
/home/nim/.spamassassin/auto-whitelist.lock: Permission non accordée
Nov 29 22:09:38 rousalka spamd[2382]: auto-whitelist: open of
auto-whitelist file failed: locker: safe_lock: cannot create tmp
lockfile /home/nim/.spamassassin/auto-whitelist.lock.rousalka.dyndns.org.2382 for
/home/nim/.spamassassin/auto-whitelist.lock: Permission non accordée
Nov 29 22:09:38 rousalka spamd[2382]: Can't call method "finish" on an
undefined value
at /usr/lib/perl5/vendor_perl/5.8.7/Mail/SpamAssassin/Plugin/AWL.pm line
397.
Nov 29 22:09:38 rousalka spamd[2382]: bayes: locker: safe_lock: cannot
create tmp
lockfile /home/nim/.spamassassin/bayes.lock.rousalka.dyndns.org.2382
for /home/nim/.spamassassin/bayes.lock: Permission non accordée
allow system_chkpwd_t devpts_t:chr_file { read write };
(this one is pam-related - may be serious)
allow updfstab_t tmpfs_t:dir getattr;
(fstab-sync is blocked)
Regards,
--
Nicolas Mailhot
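
One way to triage the audit2allow output listed in this message before loading any of it into policy, as an added example that is not part of the original email. It parses the allow rules and flags those that deserve a closer look, such as the capability grant the message asks about and the bind on the generic `port_t` type; the function names and the flagging heuristics are assumptions of this example.

```python
import re
from collections import defaultdict

# Rules copied from the audit2allow output in the message above.
SAMPLE = """\
allow dovecot_auth_t var_auth_t:dir write;
allow saslauthd_t self:capability setuid;
allow saslauthd_t var_auth_t:dir search;
allow spamd_t port_t:udp_socket name_bind;
allow system_chkpwd_t devpts_t:chr_file { read write };
allow updfstab_t tmpfs_t:dir getattr;
"""

# allow <source> <target>:<class> <perm>;   or   ... { <perm> <perm> };
RULE = re.compile(
    r"^allow\s+(\S+)\s+([^\s:]+):(\S+)\s+(?:\{([^}]*)\}|([^\s;]+))\s*;$")

def parse_rules(text):
    """Return (source, target, class, frozenset(perms)) per allow rule.
    Comment lines and anything that is not an allow rule are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            src, tgt, cls, braced, single = m.groups()
            rules.append((src, tgt, cls, frozenset((braced or single).split())))
    return rules

def triage(rules):
    """Map rules needing manual review to a reason (example heuristics)."""
    flagged = {}
    for rule in rules:
        src, tgt, cls, perms = rule
        if cls == "capability":
            flagged[rule] = "grants capability: " + ",".join(sorted(perms))
        elif tgt == "port_t" and perms & {"name_bind", "name_connect"}:
            flagged[rule] = "network access on generic port_t"
    return flagged

def by_domain(rules):
    """Group rules by source domain to see which daemon asks for what."""
    grouped = defaultdict(list)
    for rule in rules:
        grouped[rule[0]].append(rule)
    return dict(grouped)

if __name__ == "__main__":
    parsed = parse_rules(SAMPLE)
    for rule, reason in triage(parsed).items():
        print("REVIEW", rule[0], "->", reason)
```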