Hello!
I have just started playing a bit with SELinux in permissive mode on my system. I have
qmail with spamassassin installed; the only AVC denied messages I get (after I relabeled
the system and fixed domains on a couple of log files), is the following:
Jan 30 20:23:13 drake kernel: audit(1170210193.998:8): avc: denied { read }
for pid=11862 comm="sendmail"
name="RsmVLSTr" dev=loop0 ino=20 scontext=user_u:
system_r:system_mail_t tcontext=user_u:object_r:httpd_sys_script_rw_t
tclass=fil e
Jan 30 20:23:13 drake kernel: audit(1170210193.998:9): avc: denied { read wr
ite } for pid=11862 comm="sendmail"
name="jk-runtime-status" dev=hda5 ino=49827
49 scontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:httpd_log_t
tclass=file
Jan 30 20:23:14 drake kernel: audit(1170210194.019:10): avc: denied { ioctl
} for pid=11863 comm="qmail-scanner-q"
name="error_log" dev=hda5 ino=4984894 sc
ontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:httpd_log_t tcla
ss=file
Jan 30 20:23:14 drake kernel: audit(1170210194.026:11): avc: denied { read }
for pid=11863 comm="sperl5.8.5"
name="mounts" dev=proc ino=777453584 scontext=
user_u:system_r:system_mail_t tcontext=user_u:system_r:system_mail_t
tclass=file
Jan 30 20:23:14 drake kernel: audit(1170210194.026:12): avc: denied { getatt
r } for pid=11863 comm="sperl5.8.5"
name="mounts" dev=proc ino=777453584 sconte
xt=user_u:system_r:system_mail_t tcontext=user_u:system_r:system_mail_t tclass=f
ile
Jan 30 20:23:15 drake kernel: audit(1170210195.204:13): avc: denied { append
} for pid=11863 comm="perl5.8.5"
name="qmail-queue.log" dev=hda5 ino=5130271 s
context=user_u:system_r:system_mail_t tcontext=system_u:object_r:var_spool_t tcl
ass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.204:14): avc: denied { ioctl
} for pid=11863 comm="perl5.8.5"
name="qmail-queue.log" dev=hda5 ino=5130271 sc
ontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:var_spool_t tcla
ss=file
Jan 30 20:23:15 drake kernel: audit(1170210195.205:15): avc: denied { getatt
r } for pid=11863 comm="perl5.8.5"
name="qmail-queue.log" dev=hda5 ino=5130271
scontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:var_spool_t tc
lass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.206:16): avc: denied { read }
for pid=11863 comm="perl5.8.5"
name="qmail-scanner-queue-version.txt" dev=hda5
ino=5130273 scontext=user_u:system_r:system_mail_t
tcontext=system_u:object_r:v ar_spool_t
tclass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.208:17): avc: denied { write
} for pid=11863 comm="perl5.8.5"
name="tmp" dev=hda5 ino=5195094 scontext=user_
u:system_r:system_mail_t tcontext=system_u:object_r:var_spool_t tclass=dir
Jan 30 20:23:15 drake kernel: audit(1170210195.208:18): avc: denied { add_na
me } for pid=11863 comm="perl5.8.5"
name="drake.mydomain.com1170210195772118
63" scontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:var_spool_
t tclass=dir
Jan 30 20:23:15 drake kernel: audit(1170210195.208:19): avc: denied { create
} for pid=11863 comm="perl5.8.5"
name="drake.mydomain.com117021019577211863
" scontext=user_u:system_r:system_mail_t tcontext=user_u:object_r:var_spool_t tc
lass=dir
Jan 30 20:23:15 drake kernel: audit(1170210195.409:20): avc: denied { create
} for pid=11863 comm="perl5.8.5"
name="drake.mydomain.com117021019577211863
" scontext=user_u:system_r:system_mail_t tcontext=user_u:object_r:var_spool_t tc
lass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.410:21): avc: denied { ioctl
} for pid=11863 comm="perl5.8.5"
name="drake.mydomain.com117021019577211863"
dev=hda5 ino=5276868 scontext=user_u:system_r:system_mail_t tcontext=user_u:obj
ect_r:var_spool_t tclass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.410:22): avc: denied { getatt
r } for pid=11863 comm="perl5.8.5"
name="drake.mydomain.com11702101957721186
3" dev=hda5 ino=5276868 scontext=user_u:system_r:system_mail_t tcontext=user_u:o
bject_r:var_spool_t tclass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.414:23): avc: denied { write
} for pid=11863 comm="perl5.8.5"
name="drake.mydomain.com117021019577211863"
dev=hda5 ino=5276868 scontext=user_u:system_r:system_mail_t tcontext=user_u:obj
ect_r:var_spool_t tclass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.418:24): avc: denied { link }
for pid=11863 comm="perl5.8.5"
name="drake.mydomain.com117021019577211863"
dev=hda5 ino=5276868 scontext=user_u:system_r:system_mail_t tcontext=user_u:obje
ct_r:var_spool_t tclass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.419:25): avc: denied { remove
_name } for pid=11863 comm="perl5.8.5"
name="drake.mydomain.com1170210195772
11863" dev=hda5 ino=5276868 scontext=user_u:system_r:system_mail_t tcontext=syst
em_u:object_r:var_spool_t tclass=dir
Jan 30 20:23:15 drake kernel: audit(1170210195.419:26): avc: denied { unlink
} for pid=11863 comm="perl5.8.5"
name="drake.mydomain.com117021019577211863
" dev=hda5 ino=5276868 scontext=user_u:system_r:system_mail_t tcontext=user_u:ob
ject_r:var_spool_t tclass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.424:27): avc: denied { read w
rite } for pid=11864 comm="sh"
name="tty" dev=tmpfs ino=1804 scontext=user_u:sy
stem_r:system_mail_t tcontext=system_u:object_r:devtty_t tclass=chr_file
Jan 30 20:23:15 drake kernel: audit(1170210195.431:28): avc: denied { read }
for pid=11865 comm="sh"
name="drake.mydomain.com117021019577211863" dev=hda
5 ino=5276868 scontext=user_u:system_r:system_mail_t
tcontext=user_u:object_r:va r_spool_t
tclass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.434:29): avc: denied { write
} for pid=11865 comm="reformime"
name="drake.mydomain.com117021019577211863"
dev=hda5 ino=5408221 scontext=user_u:system_r:system_mail_t tcontext=user_u:obj
ect_r:var_spool_t tclass=dir
Jan 30 20:23:15 drake kernel: audit(1170210195.434:30): avc: denied { add_na
me } for pid=11865 comm="reformime"
name="1170210195.11865-0.drake.mydomain.
com" scontext=user_u:system_r:system_mail_t tcontext=user_u:object_r:var_spool_t
tclass=dir
Jan 30 20:23:15 drake kernel: audit(1170210195.739:31): avc: denied { read }
for pid=11863 comm="perl5.8.5"
name="drake.mydomain.com117021019577211863"
dev=hda5 ino=5408221 scontext=user_u:system_r:system_mail_t tcontext=user_u:obje
ct_r:var_spool_t tclass=dir
Jan 30 20:23:15 drake kernel: audit(1170210195.755:32): avc: denied { read }
for pid=11863 comm="perl5.8.5"
name="tmp" dev=hda5 ino=4980740 scontext=user_u
:system_r:system_mail_t tcontext=system_u:object_r:var_t tclass=lnk_file
Jan 30 20:23:15 drake kernel: audit(1170210195.795:33): avc: denied { execut
e } for pid=11867 comm="perl5.8.5"
name="find" dev=hda5 ino=5297451 scontext=us
er_u:system_r:system_mail_t tcontext=system_u:object_r:file_t tclass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.796:34): avc: denied { execut
e_no_trans } for pid=11867 comm="perl5.8.5"
name="find" dev=hda5 ino=5297451 sc
ontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:file_t tclass=fi
le
Jan 30 20:23:15 drake kernel: audit(1170210195.796:35): avc: denied { read }
for pid=11867 comm="perl5.8.5"
name="find" dev=hda5 ino=5297451 scontext=user_
u:system_r:system_mail_t tcontext=system_u:object_r:file_t tclass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.798:36): avc: denied { search
} for pid=11867 comm="find"
name="selinux" dev=hda5 ino=557257 scontext=user_u
:system_r:system_mail_t tcontext=system_u:object_r:selinux_config_t
tclass=dir
Jan 30 20:23:15 drake kernel: audit(1170210195.798:37): avc: denied { read }
for pid=11867 comm="find"
name="config" dev=hda5 ino=557274 scontext=user_u:sy
stem_r:system_mail_t tcontext=user_u:object_r:selinux_config_t
tclass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.798:38): avc: denied { getatt
r } for pid=11867 comm="find"
name="config" dev=hda5 ino=557274 scontext=user_u
:system_r:system_mail_t tcontext=user_u:object_r:selinux_config_t
tclass=file
Jan 30 20:23:15 drake kernel: audit(1170210195.860:39): avc: denied { read }
for pid=11871 comm="rm" name="qscan"
dev=hda5 ino=5130256 scontext=user_u:syst
em_r:system_mail_t tcontext=system_u:object_r:var_spool_t tclass=dir
Jan 30 20:23:15 drake kernel: audit(1170210195.860:40): avc: denied { remove
_name } for pid=11871 comm="rm"
name="1170210195.11865-0.drake.mydomain.com"
dev=hda5 ino=5408222 scontext=user_u:system_r:system_mail_t tcontext=user_u:obj
ect_r:var_spool_t tclass=dir
Jan 30 20:23:15 drake kernel: audit(1170210195.861:41): avc: denied { rmdir
} for pid=11871 comm="rm"
name="drake.mydomain.com117021019577211863" dev=hd
a5 ino=5408221 scontext=user_u:system_r:system_mail_t
tcontext=user_u:object_r:v ar_spool_t
tclass=dir
Jan 30 20:23:15 drake kernel: audit(1170210195.873:42): avc: denied { sigchl
d } for pid=1 comm="init"
scontext=user_u:system_r:system_mail_t tcontext=user_
u:system_r:unconfined_t tclass=process
Any directions to fix this?
Thanks!
------------------------------------------------------
Mutuo da 200.000 ? Tassi ridotti da 4.25%. Solo per richieste online. Mutuionline.it
http://click.libero.it/mutuionline31ge07