03-16-2010, 08:37 PM
Paul Howarth

AVCs seen when running spamass-milter as root

I think these are leaked file descriptors from spamass-milter but the
curious thing is, I don't see them when I run the milter in its normal
configuration as a non root user; they only appear when it's run as
root (which I'm only doing to test a patch for a security
vulnerability, and I have to do that in permissive mode too since
SELinux makes the vulnerability very difficult to test ;-) )

type=AVC msg=audit(1268768820.019:35365): avc: denied { read write } for pid=4941 comm="spamc" name="1" dev=devpts ino=4 scontext=unconfined_u:system_r:spamc_t:s0 tcontext=unconfined_u:object_r:user_devpts_t:s0 tclass=chr_file

type=SYSCALL msg=audit(1268768820.019:35365): arch=c000003e syscall=59 success=yes exit=0 a0=409fae a1=7f6c98000f70 a2=7fff2c255858 a3=7f6ca0ffa7c0 items=0 ppid=1368 pid=4941 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3170 comm="spamc" exe="/usr/bin/spamc" subj=unconfined_u:system_r:spamc_t:s0 key=(null)

Why would they only appear when the process that calls spamc is running
as root?

Paul.
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
03-17-2010, 11:13 AM
Daniel J Walsh

AVCs seen when running spamass-milter as root

On 03/16/2010 05:37 PM, Paul Howarth wrote:
> I think these are leaked file descriptors from spamass-milter but the
> curious thing is, I don't see them when I run the milter in its normal
> configuration as a non root user; they only appear when it's run as
> root (which I'm only doing to test a patch for a security
> vulnerability, and I have to do that in permissive mode too since
> SELinux makes the vulnerability very difficult to test ;-) )
>
> type=AVC msg=audit(1268768820.019:35365): avc: denied { read write } for pid=4941 comm="spamc" name="1" dev=devpts ino=4 scontext=unconfined_u:system_r:spamc_t:s0 tcontext=unconfined_u:object_r:user_devpts_t:s0 tclass=chr_file
>
> type=SYSCALL msg=audit(1268768820.019:35365): arch=c000003e syscall=59 success=yes exit=0 a0=409fae a1=7f6c98000f70 a2=7fff2c255858 a3=7f6ca0ffa7c0 items=0 ppid=1368 pid=4941 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3170 comm="spamc" exe="/usr/bin/spamc" subj=unconfined_u:system_r:spamc_t:s0 key=(null)
>
> Why would they only appear when the process that calls spamc is running
> as root?
>
> Paul.
I would figure there is some DAC Permission that is preventing the
access before SELinux gets involved. Like the terminal device is owned
by root, so you are blocked when you are non root.
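
Added example, not part of the original thread: a small triage script that pairs each AVC with the SYSCALL record sharing its audit event ID and reports denials raised during execve, which is the pattern the records above show (spamc being exec'd with a /dev/pts descriptor already open) and is consistent with an inherited descriptor. The function names are hypothetical, only the x86_64 execve number (arch=c000003e, syscall=59) is mapped, and the last two sample records are constructed.

```python
import re

# Records 1-2 are the pair from the thread (tcontext written out in full).
# Records 3-4 are constructed: an open() denial (syscall=2) that must not match.
SAMPLE = '''\
type=AVC msg=audit(1268768820.019:35365): avc: denied { read write } for pid=4941 comm="spamc" name="1" dev=devpts ino=4 scontext=unconfined_u:system_r:spamc_t:s0 tcontext=unconfined_u:object_r:user_devpts_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1268768820.019:35365): arch=c000003e syscall=59 success=yes exit=0 a0=409fae a1=7f6c98000f70 a2=7fff2c255858 a3=7f6ca0ffa7c0 items=0 ppid=1368 pid=4941 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3170 comm="spamc" exe="/usr/bin/spamc" subj=unconfined_u:system_r:spamc_t:s0 key=(null)
type=AVC msg=audit(1268768900.100:35400): avc: denied { read } for pid=5000 comm="spamc" name="example.conf" dev=dm-0 ino=99 scontext=unconfined_u:system_r:spamc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1268768900.100:35400): arch=c000003e syscall=2 success=yes exit=3 items=0 ppid=1368 pid=5000 auid=0 uid=0 gid=0 euid=0 comm="spamc" exe="/usr/bin/spamc" subj=unconfined_u:system_r:spamc_t:s0 key=(null)
'''

HEADER = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+:\d+)\):\s*(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
EXECVE = {("c000003e", "59")}  # assumption: only x86_64 execve is mapped here

def parse_events(text):
    """Group audit records by event ID (timestamp:serial), then by record type."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # not an audit record line
        rtype, event_id, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        perms = re.search(r'\{([^}]*)\}', body)  # "{ read write }" in AVC records
        fields["perms"] = perms.group(1).split() if perms else []
        events.setdefault(event_id, {}).setdefault(rtype, []).append(fields)
    return events

def exec_time_denials(text):
    """Return AVC denials whose paired SYSCALL record is an execve."""
    findings = []
    for event_id, recs in parse_events(text).items():
        sc = recs.get("SYSCALL", [{}])[0]
        if (sc.get("arch"), sc.get("syscall")) not in EXECVE:
            continue  # denial happened on some other syscall, e.g. open()
        for avc in recs.get("AVC", []):
            findings.append({
                "event": event_id, "comm": avc.get("comm"), "perms": avc["perms"],
                "target_type": avc.get("tcontext", "::").split(":")[2],
                "tclass": avc.get("tclass"), "dev": avc.get("dev"),
                "uid": sc.get("uid"), "euid": sc.get("euid"),
            })
    return findings

if __name__ == "__main__":
    for finding in exec_time_denials(SAMPLE):
        print(finding)
```

The uid and euid fields come from the SYSCALL record, so the output also shows which user the exec'ing process ran as, which is the variable in question in this thread.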


 

All times are GMT.