I think these are leaked file descriptors from spamass-milter but the
curious thing is, I don't see them when I run the milter in its normal
configuration as a non-root user; they only appear when it's run as
root (which I'm only doing to test a patch for a security
vulnerability, and I have to do that in permissive mode too since
SELinux makes the vulnerability very difficult to test ;-) )

type=AVC msg=audit(1268768820.019:35365): avc: denied { read write } for pid=4941
comm="spamc" name="1" dev=devpts ino=4
scontext=unconfined_u:system_r:spamc_t:s0 tcontext=unconfined_u:object_r:user_devpts_t:s0
tclass=chr_file
type=SYSCALL msg=audit(1268768820.019:35365): arch=c000003e syscall=59 success=yes exit=0
a0=409fae a1=7f6c98000f70 a2=7fff2c255858 a3=7f6ca0ffa7c0 items=0 ppid=1368 pid=4941
auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3170
comm="spamc" exe="/usr/bin/spamc"
subj=unconfined_u:system_r:spamc_t:s0 key=(null)

Why would they only appear when the process that calls spamc is running
as root?
Paul.
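
An added example, not part of the original post: a small triage script that pairs each AVC record with the SYSCALL record sharing its audit serial and flags read/write/append denials raised during execve (syscall 59 on x86_64), which is the usual signature of a descriptor inherited from the parent. The class and permission sets are a heuristic chosen for this example, and the sample input is the two records from the post rejoined onto single lines.

```python
import re
from collections import defaultdict

# The two audit records quoted in the post, each rejoined onto one line.
SAMPLE = (
    'type=AVC msg=audit(1268768820.019:35365): avc: denied { read write } for pid=4941 '
    'comm="spamc" name="1" dev=devpts ino=4 scontext=unconfined_u:system_r:spamc_t:s0 '
    'tcontext=unconfined_u:object_r:user_devpts_t:s0 tclass=chr_file\n'
    'type=SYSCALL msg=audit(1268768820.019:35365): arch=c000003e syscall=59 success=yes '
    'exit=0 a0=409fae a1=7f6c98000f70 a2=7fff2c255858 a3=7f6ca0ffa7c0 items=0 ppid=1368 '
    'pid=4941 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) '
    'ses=3170 comm="spamc" exe="/usr/bin/spamc" subj=unconfined_u:system_r:spamc_t:s0 '
    'key=(null)\n'
)

HEADER = re.compile(r'type=(\w+) msg=audit\([\d.]+:(\d+)\):\s*(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'\{ ([^}]*)\}')
EXECVE = {("c000003e", "59")}          # x86_64 only; add other arch/number pairs as needed
FD_CLASSES = {"chr_file", "file", "fifo_file", "sock_file"}   # heuristic (assumption)
FD_PERMS = {"read", "write", "append"}  # descriptor access, no "open" or "execute"

def parse(text):
    """Group audit records by serial number: {serial: {record_type: [fields, ...]}}."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, serial, body = m.groups()
        rec = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == "AVC":
            p = PERMS.search(body)
            rec["perms"] = p.group(1).split() if p else []
        events[serial].setdefault(rtype, []).append(rec)
    return events

def inherited_fd_denials(events):
    """Return AVC denials that look like inherited descriptors checked at execve."""
    hits = []
    for serial, recs in events.items():
        sc = recs.get("SYSCALL", [{}])[0]
        if (sc.get("arch"), sc.get("syscall")) not in EXECVE:
            continue
        for avc in recs.get("AVC", []):
            if avc.get("tclass") in FD_CLASSES and avc["perms"] and set(avc["perms"]) <= FD_PERMS:
                hits.append({"serial": serial, "exe": sc.get("exe"), "uid": sc.get("uid"),
                             "target": f'{avc.get("dev")}:{avc.get("name")}',
                             "tcontext": avc.get("tcontext"), "perms": avc["perms"]})
    return hits
```

Running `inherited_fd_denials(parse(SAMPLE))` reports one hit for /usr/bin/spamc against devpts:1; on a real system the input would be the raw text of the audit log rather than the embedded sample.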