Re: [CentOS] Odd SELinux messages during+after 5.3 upgrade (system_mail_t and postfix_postdrop_t access rpm_var_lib_t)

2009-04-16 Thread Dianne Yumul

Dan Mensom wrote:

> Does anyone know what these accesses are?
> snip
> Also, on a related note, is it normally best practices to 'setenforce 0'
> during a 5.x upgrade?



I also got these types of messages. I just did a yum update from
5.2. Output from audit2allow is as follows:


allow useradd_t rpm_t:tcp_socket { read write };
allow useradd_t rpm_var_lib_t:file { read write };
allow useradd_t var_lib_t:file write;
allow useradd_t var_t:file read;

I have similar messages for auditctl_t, cupsd_t, groupadd_t, rdisc_t,
restorecon_t, restorecond_t, semanage_t and setrans_t. It looks like
they only happened during the upgrade and I haven't gotten any ever
since. Just wondering too if these messages are normal (everything
is working flawlessly) and if there's anything I should've done to
ensure the upgrade is complete.


Thank you.

Dianne
Wells Gaming Research
(800) 854-6809
(775) 826-3232




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] Odd SELinux messages during+after 5.3 upgrade (system_mail_t and postfix_postdrop_t access rpm_var_lib_t)

2009-04-13 Thread Dan Mensom

Hey guys,

I've been getting some strange selinux messages after the 5.3 upgrade.
It appears as though my mail system (postfix) is constantly trying to
access the rpm database? Here's the audit messages (I tend to look at
my selinux messages using audit2allow < /var/log/audit.log as I find
it easier to read quickly):

allow postfix_postdrop_t rpm_t:tcp_socket { read write };
allow postfix_postdrop_t rpm_var_lib_t:file { read write };
allow postfix_postdrop_t user_home_t:file { getattr append };
allow postfix_postdrop_t var_lib_t:file write;

allow system_mail_t rpm_t:tcp_socket { read write };
allow system_mail_t rpm_var_lib_t:file { read write };
allow system_mail_t var_lib_t:file write;

I've been getting the latter set continuously since the upgrade. The
first set appeared briefly when I did a 'setenforce 0' to diagnose
a spamc_t issue with calling the /usr/sbin/sendmail symlink..

They correspond to audit.log messages similar to the following:

type=AVC msg=audit(1239664501.977:9052044): avc:  denied  { write } for  pid=18901 comm=sendmail name=transaction-done.2009-04-12.22:52.45 dev=loop0 ino=901575 scontext=user_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=user_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1239664501.977:9052044): avc:  denied  { read write } for  pid=18901 comm=sendmail name=__db.000 dev=loop0 ino=901554 scontext=user_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=root:object_r:rpm_var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1239664501.977:9052044): arch=4003 syscall=11 success=yes exit=0 a0=5e2237b8 a1=5e223584 a2=5e2439bc a3=8 items=0 ppid=18880 pid=18901 auid=517 uid=517 gid=517 euid=517 suid=517 fsuid=517 egid=517 sgid=517 fsgid=517 tty=(none) comm=sendmail exe=/usr/sbin/sendmail.postfix subj=user_u:system_r:system_mail_t:s0-s0:c0.c1023 key=(null)
type=AVC_PATH msg=audit(1239664501.977:9052044):  path=/var/lib/rpm/__db.000
type=AVC_PATH msg=audit(1239664501.977:9052044): path=2F7661722F6C69622F79756D2F7472616E73616374696F6E2D646F6E652E323030392D30342D31322E32323A35322E3435202864656C6574656429

During the upgrade it looks like it was pretty common for most packages'
contexts to attempt to access a tcp socket to rpm and do similar things 
(again, in audit2allow format):

allow tzdata_t rpm_t:tcp_socket { read write };
allow tzdata_t rpm_var_lib_t:file { read write };
allow tzdata_t var_lib_t:file write;
allow tzdata_t var_t:file read;

But I was surprised that these mail messages didn't show up till the 
following day, and are still showing up continuously now.

Does anyone know what these accesses are? And why they might be still
continuously triggering for the mail system, whereas all the other
packages have stopped causing them?

Also, on a related note, is it normally best practices to 'setenforce 0'
during a 5.x upgrade? Is it possible I've damaged something by leaving 
selinux enabled? Other than the spamassassin issue, the machine seems
to be running ok..




  


Re: [CentOS] Odd SELinux messages during+after 5.3 upgrade (system_mail_t and postfix_postdrop_t access rpm_var_lib_t)

2009-04-13 Thread D Tucny
2009/4/14 Dan Mensom mensom...@yahoo.com

> Hey guys,
>
> I've been getting some strange selinux messages after the 5.3 upgrade.
> It appears as though my mail system (postfix) is constantly trying to
> access the rpm database? Here's the audit messages (I tend to look at
> my selinux messages using audit2allow < /var/log/audit.log as I find
> it easier to read quickly):
>
> Does anyone know what these accesses are? And why they might be still
> continuously triggering for the mail system, whereas all the other
> packages have stopped causing them?
>
> Also, on a related note, is it normally best practices to 'setenforce 0'
> during a 5.x upgrade? Is it possible I've damaged something by leaving
> selinux enabled? Other than the spamassassin issue, the machine seems
> to be running ok..

I've seen the same with a bit of php sending mail through a cronjob... I've
so far been unable to reproduce it though... The php in question isn't
supposed to touch the rpmdb even if it was maintaining open file handles when
launching sendmail...

d


Re: [CentOS] Odd SELinux messages during+after 5.3 upgrade (system_mail_t and postfix_postdrop_t access rpm_var_lib_t)

2009-04-13 Thread JohnS

On Tue, 2009-04-14 at 12:06 +0800, D Tucny wrote:
> 2009/4/14 Dan Mensom mensom...@yahoo.com
>
> > Hey guys,
> >
> > I've been getting some strange selinux messages after the 5.3 upgrade.
> > It appears as though my mail system (postfix) is constantly trying to
> > access the rpm database? Here's the audit messages (I tend to look at
> > my selinux messages using audit2allow < /var/log/audit.log as I find
> > it easier to read quickly):
> >
> > Does anyone know what these accesses are? And why they might be still
> > continuously triggering for the mail system, whereas all the other
> > packages have stopped causing them?
> >
> > Also, on a related note, is it normally best practices to 'setenforce 0'
> > during a 5.x upgrade? Is it possible I've damaged something by leaving
> > selinux enabled? Other than the spamassassin issue, the machine seems
> > to be running ok..
>
> I've seen the same with a bit of php sending mail through a cronjob...
> I've so far been unable to reproduce it though... The php in question
> isn't supposed to touch the rpmdb even if it was maintaining open file
> handles when launching sendmail...
>
> d
---
Is it possible yours stopped with the new PHP update that just came out?



Re: [CentOS] Odd SELinux messages during+after 5.3 upgrade (system_mail_t and postfix_postdrop_t access rpm_var_lib_t)

2009-04-13 Thread D Tucny
2009/4/14 D Tucny d...@tucny.com

> 2009/4/14 Dan Mensom mensom...@yahoo.com
>
> > Hey guys,
> >
> > I've been getting some strange selinux messages after the 5.3 upgrade.
> > It appears as though my mail system (postfix) is constantly trying to
> > access the rpm database? Here's the audit messages (I tend to look at
> > my selinux messages using audit2allow < /var/log/audit.log as I find
> > it easier to read quickly):
> >
> > Does anyone know what these accesses are? And why they might be still
> > continuously triggering for the mail system, whereas all the other
> > packages have stopped causing them?
> >
> > Also, on a related note, is it normally best practices to 'setenforce 0'
> > during a 5.x upgrade? Is it possible I've damaged something by leaving
> > selinux enabled? Other than the spamassassin issue, the machine seems
> > to be running ok..
>
> I've seen the same with a bit of php sending mail through a cronjob... I've
> so far been unable to reproduce it though... The php in question isn't
> supposed to touch the rpmdb even if it was maintaining open file handles when
> launching sendmail...


Narrowed it down, nothing to do with the php, it's when cron was sending a
mail, the php script was just a regular cron job... Stopped crond, tried
debugging it in foreground and saw nothing related... Started crond back up
again and the messages are no longer appearing...

I wonder if it was something to do with cron being last started during an
rpm transaction as a result of being upgraded and it receiving the rpmdb
filehandles at that point and sharing them with sendmail...

d