Need help bypassing spamass-milter audit

Daniel J Walsh dwalsh at redhat.com
Thu Jan 28 14:14:07 UTC 2010


On 01/27/2010 10:24 PM, Dan Thurman wrote:
> 
> I know that F8 is not supported, but I need help in knowing how
> to get SELinux to permanently bypass spamass-milter denials.
> I just cannot upgrade this F8 machine right now as it is my main email
> server.
> 
> The following is generated by the command:
> # service spamass-milter start:
>  [OK] is generated, but the errors are shown in /var/log/audit/audit.log:
> 
> type=AVC msg=audit(1264646701.440:1750): avc:  denied  { execute } for
> pid=13694 comm="spamass-milter" name="spamc" dev=sda3 ino=4688447
> scontext=unconfined_u:system_r:spamd_t:s0
> tcontext=system_u:object_r:spamc_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1264646701.440:1750): arch=40000003 syscall=11
> success=no exit=-13 a0=8058507 a1=968fa20 a2=bf95526c a3=1 items=0
> ppid=13056 pid=13694 auid=500 uid=600 gid=600 euid=600 suid=600
> fsuid=600 egid=600 sgid=600 fsgid=600 tty=(none) ses=186
> comm="spamass-milter" exe="/usr/sbin/spamass-milter"
> subj=unconfined_u:system_r:spamd_t:s0 key=(null)
> type=USER_START msg=audit(1264646735.400:1751): user pid=13765 uid=0
> auid=500 ses=186 subj=unconfined_u:system_r:initrc_t:s0
> msg='op=PAM:session_open acct="sa-milt" exe="/sbin/runuser" (hostname=?,
> addr=?, terminal=pts/1 res=success)'
> type=CRED_ACQ msg=audit(1264646735.400:1752): user pid=13765 uid=0
> auid=500 ses=186 subj=unconfined_u:system_r:initrc_t:s0
> msg='op=PAM:setcred acct="sa-milt" exe="/sbin/runuser" (hostname=?,
> addr=?, terminal=pts/1 res=success)'
> type=CRED_DISP msg=audit(1264646738.120:1753): user pid=13765 uid=0
> auid=500 ses=186 subj=unconfined_u:system_r:initrc_t:s0
> msg='op=PAM:setcred acct="sa-milt" exe="/sbin/runuser" (hostname=?,
> addr=?, terminal=pts/1 res=success)'
> type=USER_END msg=audit(1264646738.122:1754): user pid=13765 uid=0
> auid=500 ses=186 subj=unconfined_u:system_r:initrc_t:s0
> msg='op=PAM:session_close acct="sa-milt" exe="/sbin/runuser"
> (hostname=?, addr=?, terminal=pts/1 res=success)'
> 
> Of course, shutting down spamass-milter will fail:
> 
> # service spamass-milter stop
>  [FAILED] is generated, because
> /var/run/spamass-milter/spamass-milter.sock is not created.
> 
> 
> Interestingly, if one issues:
> 
> # setenforce 0
> # service spamass-milter start
>  [OK] is generated
> # service spamass-milter stop
>  [OK] is generated
> # setenforce 1
> 
> And, /var/run/spamass-milter/spamass-milter.sock is created.
> 
> However, sendmail with spamass-milter enabled results in permission denied
> because security context is enabled.
> 
> 
> So, can someone please give me instructions so that I can permanently
> bypass spamass-milter audit?
> 
> Thanks!
> Dan
> 
> 
> 
> 
Just build custom policy using audit2allow.

grep avc /var/log/audit/audit.log | audit2allow -M myspam
semodule -i myspam.pp


