Ali Nebi wrote:
> Hi everyone,
> I get these audit messages on all servers:
> Aug 21 14:17:34 casamerica kernel: audit(1187698654.515:356):avc:denied
> { append } for pid=9416 comm="sendmail" name="error.log" dev=dm-0
> ino=16416800 scontext=system_u:system_r:system_mail_t:s0
> tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
> Aug 21 14:17:34 casamerica kernel: audit(1187698654.515:357):avc:denied
> { read write } for pid=9416 comm="sendmail" name="[eventpoll]"
> dev=anon_inodefs ino=393 scontext=system_u:system_r:system_mail_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> Aug 21 14:17:34 casamerica kernel: audit(1187698654.599:358):avc:denied
> { append } for pid=9417 comm="postdrop" name="error_log" dev=dm-0
> ino=15631250 scontext=system_u:system_r:postfix_postdrop_t:s0
> tcontext=root:object_r:httpd_log_t:s0 tclass=file
> Aug 21 14:17:34 casamerica kernel: audit(1187698654.603:359):avc:denied
> { getattr } for pid=9417 comm="postdrop" name="error_log" dev=dm-0
> ino=15631250 scontext=system_u:system_r:postfix_postdrop_t:s0
> tcontext=root:object_r:httpd_log_t:s0 tclass=file
> Aug 21 14:26:58 casamerica kernel: audit(1187699218.244:360):avc:denied
> { append } for pid=9448 comm="sendmail" name="error.log" dev=dm-0
> ino=16416800 scontext=system_u:system_r:system_mail_t:s0
> tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
> Aug 21 14:26:58 casamerica kernel: audit(1187699218.244:361):avc:denied
> { read write } for pid=9448 comm="sendmail" name="[eventpoll]"
> dev=anon_inodefs ino=393 scontext=system_u:system_r:system_mail_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> Aug 21 14:26:58 casamerica kernel: audit(1187699218.253:362):avc:denied
> { append } for pid=9449 comm="postdrop" name="error_log" dev=dm-0
> ino=15631250 scontext=system_u:system_r:postfix_postdrop_t:s0
> tcontext=root:object_r:httpd_log_t:s0 tclass=file
> Aug 21 14:26:58 casamerica kernel: audit(1187699218.256:363):avc:denied
> { getattr } for pid=9449 comm="postdrop" name="error_log" dev=dm-0
> ino=15631250 scontext=system_u:system_r:postfix_postdrop_t:s0
> tcontext=root:object_r:httpd_log_t:s0 tclass=file
> Aug 21 15:36:34 w3host kernel: audit(1187703394.426:423): avc:denied
> { name_connect } for pid=32151 comm="httpd" dest=5432
> scontext=user_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
> So, these are the messages.
> We have installed Fedora 6, x86_64.
> My questions are these:
> 1. Why does postdrop try to read, append to, and get the attributes of
> the Apache logs? Can it be because we have installed the Logwatch
> program? We get these on all servers.
This probably means the logwatch program is leaking file descriptors
when executing postfix. Logwatch has an open file descriptor to the
error.log file with append access. When it executes postfix, it does
not automatically close the file descriptor, so SELinux checks the
access to the open file descriptor when starting postfix, denies it,
closes it, reports the avc and continues executing the program.
> 2. Do I have to allow postdrop to do what it needs with the logs? Is
> this secure, and will it not be a problem for something?
No, you probably want to dontaudit this, and get the logwatch developers
to fix their code.
> 3. For the last one, httpd tries to connect to the postgresql socket.
> Why does this happen, and is it secure?
> 4. I have to give httpd this permission to connect to postgresql.
> We have set postgresql to work on localhost and not to execute queries
> from remote hosts and sites.
There is a boolean for this.
httpd_can_network_connect_db
setsebool -P httpd_can_network_connect_db=1
> I will wait for your opinions, thanks in advance.
> Regards, Ali Nebi!
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
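The "dontaudit this" advice in the reply, worked through as an added example that is not part of the original thread: a small Python parser that reads the wrapped AVC lines quoted above, merges the denied permissions per source type, target type and class, and emits dontaudit rules only for the mail domains that inherited the descriptor. The `leaky_domains` set is an assumption the administrator supplies; everything else is left for a real policy decision.

```python
import re
from collections import defaultdict

# Tolerates both "avc:  denied" and the squeezed "avc:denied" seen in the message.
AVC_RE = re.compile(r"avc:\s*denied\s*\{\s*([^}]*?)\s*\}.*?"
                    r"scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")

# Denials copied from the message above, still wrapped as the mail client left them.
SAMPLE = """\
Aug 21 14:17:34 casamerica kernel: audit(1187698654.515:356):avc:denied
{ append } for pid=9416 comm="sendmail" name="error.log" dev=dm-0
ino=16416800 scontext=system_u:system_r:system_mail_t:s0
tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
Aug 21 14:17:34 casamerica kernel: audit(1187698654.599:358):avc:denied
{ append } for pid=9417 comm="postdrop" name="error_log" dev=dm-0
ino=15631250 scontext=system_u:system_r:postfix_postdrop_t:s0
tcontext=root:object_r:httpd_log_t:s0 tclass=file
Aug 21 14:17:34 casamerica kernel: audit(1187698654.603:359):avc:denied
{ getattr } for pid=9417 comm="postdrop" name="error_log" dev=dm-0
ino=15631250 scontext=system_u:system_r:postfix_postdrop_t:s0
tcontext=root:object_r:httpd_log_t:s0 tclass=file
Aug 21 15:36:34 w3host kernel: audit(1187703394.426:423): avc:denied
{ name_connect } for pid=32151 comm="httpd" dest=5432
scontext=user_u:system_r:httpd_t:s0
tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
"""

def parse_denials(text):
    """Map (source type, target type, class) -> set of denied permissions."""
    denials = defaultdict(set)
    # Collapse all whitespace so records wrapped across lines parse as one.
    for perms, scon, tcon, tclass in AVC_RE.findall(" ".join(text.split())):
        key = (scon.split(":")[2], tcon.split(":")[2], tclass)
        denials[key].update(perms.split())
    return denials

def dontaudit_rules(text, leaky_domains):
    """Return (dontaudit rules, denials left for a real policy decision)."""
    rules, review = [], []
    for (src, tgt, cls), perms in sorted(parse_denials(text).items()):
        body = f"{src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        # Only silence file access by domains known to inherit stray descriptors.
        if src in leaky_domains and cls == "file":
            rules.append("dontaudit " + body)
        else:
            review.append(body)
    return rules, review

if __name__ == "__main__":
    rules, review = dontaudit_rules(SAMPLE, {"system_mail_t", "postfix_postdrop_t"})
    print("\n".join(rules))
    print("# needs a decision (see the boolean above):", *review)
```

The emitted rules still have to be wrapped in a policy module with a matching `require` block before they can be loaded; on a live system `audit2allow -D` generates dontaudit rules from the audit log directly.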