AVCs seen when running spamass-milter as root
Paul Howarth
paul at city-fan.org
Tue Mar 16 21:37:09 UTC 2010
I think these are leaked file descriptors from spamass-milter but the
curious thing is, I don't see them when I run the milter in its normal
configuration as a non-root user; they only appear when it's run as
root (which I'm only doing to test a patch for a security
vulnerability, and I have to do that in permissive mode too since
SELinux makes the vulnerability very difficult to test ;-) )
type=AVC msg=audit(1268768820.019:35365): avc: denied { read write } for pid=4941 comm="spamc" name="1" dev=devpts ino=4 scontext=unconfined_u:system_r:spamc_t:s0 tcontext=unconfined_u:object_r:user_devpts_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1268768820.019:35365): arch=c000003e syscall=59 success=yes exit=0 a0=409fae a1=7f6c98000f70 a2=7fff2c255858 a3=7f6ca0ffa7c0 items=0 ppid=1368 pid=4941 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3170 comm="spamc" exe="/usr/bin/spamc" subj=unconfined_u:system_r:spamc_t:s0 key=(null)
Why would they only appear when the process that calls spamc is running
as root?
Paul.
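
One way to triage records like the two quoted in the message above, as an added example that is not part of the original post: a small Python script that pairs each AVC with its SYSCALL record by audit serial and flags denials raised during execve (syscall 59 on x86_64) for plain I/O permissions, the usual signature of a descriptor inherited from the parent process. The function names and the permission heuristic are assumptions of this example.

```python
import re

# The two records from the post, verbatim (arch=c000003e is x86_64).
AUDIT_LOG = '''\
type=AVC msg=audit(1268768820.019:35365): avc: denied { read write } for pid=4941 comm="spamc" name="1" dev=devpts ino=4 scontext=unconfined_u:system_r:spamc_t:s0 tcontext=unconfined_u:object_r:user_devpts_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1268768820.019:35365): arch=c000003e syscall=59 success=yes exit=0 a0=409fae a1=7f6c98000f70 a2=7fff2c255858 a3=7f6ca0ffa7c0 items=0 ppid=1368 pid=4941 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3170 comm="spamc" exe="/usr/bin/spamc" subj=unconfined_u:system_r:spamc_t:s0 key=(null)
'''

HEADER = re.compile(r'^type=(\w+) msg=audit\(\d+\.\d+:(\d+)\):\s*(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'\{ ([^}]*)\}')
EXECVE_NR = {"c000003e": "59"}  # execve on x86_64 only; extend per arch
FD_PERMS = {"read", "write", "append", "ioctl"}  # heuristic (assumption)


def parse(log):
    """Group audit records by event serial: {serial: {type: [fields]}}."""
    events = {}
    for line in log.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, serial, body = m.groups()
        rec = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == "AVC":
            p = PERMS.search(body)
            rec["perms"] = p.group(1).split() if p else []
        events.setdefault(serial, {}).setdefault(rtype, []).append(rec)
    return events


def inherited_fd_denials(log):
    """Return AVC denials raised during execve for plain I/O permissions."""
    findings = []
    for serial, ev in parse(log).items():
        sc = (ev.get("SYSCALL") or [None])[0]
        if not sc or sc.get("arch") not in EXECVE_NR:
            continue  # unpaired AVC, or an arch this example does not cover
        if EXECVE_NR[sc["arch"]] != sc.get("syscall"):
            continue  # denial happened in some other syscall
        for avc in ev.get("AVC", []):
            if avc["perms"] and set(avc["perms"]) <= FD_PERMS:
                findings.append({
                    "serial": serial, "comm": avc.get("comm"),
                    "target": f'{avc.get("dev")}:{avc.get("name")}',
                    "perms": avc["perms"], "tclass": avc.get("tclass"),
                    "scontext": avc.get("scontext"), "uid": sc.get("uid")})
    return findings


if __name__ == "__main__":
    for finding in inherited_fd_denials(AUDIT_LOG):
        print(finding)
```

A hit identifies the object the exec'd program received already open, not which process opened it; the `ppid` field of the SYSCALL record points at the parent to inspect.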