On 06/11/2011 02:57 PM, Dominick Grift wrote:
> On Sat, 2011-06-11 at 14:55 +0100, Arthur Dent wrote:
>>>
>>>> Anyway, the above AVC looked strange and I didn't want to create a local
>>>> policy module for it until I had checked with the chaps here...
>>>
>>> This does not look particularly strange. The pipe is probably created by
>>> systemd.
>>
>> So, should I create a policy module to allow it?
>>
> Did you notice any loss of functionality? Anyways I do not see a problem
> with allowing it.

I'm getting this when I restart opendkim on F-15:

type=AVC msg=audit(1316699607.377:150425): avc: denied { read } for
pid=4151 comm="systemd-tty-ask" name="136:0" dev=tmpfs ino=209876
scontext=unconfined_u:system_r:systemd_passwd_agent_t:s0
tcontext=unconfined_u:object_r:init_var_run_t:s0 tclass=fifo_file
type=AVC msg=audit(1316699607.377:150425): avc: denied { open } for
pid=4151 comm="systemd-tty-ask" name="136:0" dev=tmpfs ino=209876
scontext=unconfined_u:system_r:systemd_passwd_agent_t:s0
tcontext=unconfined_u:object_r:init_var_run_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1316699607.377:150425): arch=c000003e syscall=2
success=yes exit=3 a0=14c60a0 a1=80900 a2=fffffffffffffed0
a3=7ffffdee5c80 items=1 ppid=4150 pid=4151 auid=0 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=9220
comm="systemd-tty-ask" exe="/bin/systemd-tty-ask-password-agent"
subj=unconfined_u:system_r:systemd_passwd_agent_t:s0 key=(null)
type=CWD msg=audit(1316699607.377:150425): cwd="/"
type=PATH msg=audit(1316699607.377:150425): item=0
name="/run/systemd/ask-password-block/136:0" inode=209876 dev=00:12
mode=010600 ouid=0 ogid=0 rdev=00:00
obj=unconfined_u:object_r:init_var_run_t:s0

I don't know what's happening here and it doesn't appear to affect the
operation of opendkim, so I'm tempted to dontaudit it rather than allow
it. But what is it actually trying to do?

Paul.