FAQ
Following a hard drive corruption I have reinstalled the latest
version of CentOS and all current patch files.

For most applications I selected the default options. By doing this I
expected that the packages would play nice with one another and I
could customize as necessary.

Setting SELinux to enforce I encountered all sorts of problems - but
most were resolvable, save for Dovecot, Procmail (for spamc), and an
odd one with Apache.

Given that these were all installed with the CentOS install defaults,
I can't believe I am the only one with these issues but finding a
solution has not been self-evident. Hoping someone here can help.

For Dovecot I get the following:
SELinux is preventing dovecot (dovecot_t) "create" to <Unknown>
(dovecot_t). For complete SELinux messages. run sealert -l
e1b070ab-586a-4c5a-befe-b6a46b9ab992

For procmail I get the following:
SELinux is preventing procmail (procmail_t) "execute" to ./spamc
(spamc_exec_t). For complete SELinux messages. run sealert -l
0a554689-4948-4edf-9964-dddbfe6a2492
SELinux is preventing sh (procmail_t) "read" to ./spamc
(spamc_exec_t). For complete SELinux messages. run sealert -l
1f1ebd83-412d-4e93-a36f-6f3d34c663df

For Apache it's even more strange - When started I get:
Syntax error on line 283 of /etc/httpd/conf/httpd.conf
DocumentRoot must be directory

But it is a directory, has the correct permissions and I have even run
chcon -R -h -t httpd_sys_content_t /web/www/ in an effort to correct
the problem. I run a virtual server too, and in trying to find a fix
for this that may be a problem - but first things first.

All the other issues I had I could resolve when I ran the specified
"sealert" tag and followed the suggested instructions - but those
above don't budge. When I go to the fedora.redhat.com/docs/selinux-fq-
fc5 site to take on making a local policy module I am quickly getting
lost . The option to simply disable SElinux with respect to Apache,
Dovecote or anything else is suggested - but not something I see in
the GUI window, and I have not figured out how to do it from the
command line.

Again, because these are default packages, I hope that someone else
knows how to resolve these.

With respect to the two reports from SELinux regarding Dovecot and
procmail, here is a bit more info:

The info and Raw Audit message for dovecot_t is:
Source Context system_u:system_r:dovecot_t:s0
Target Context system_u:system_r:dovecot_t:s0
Target Objects None [ socket ]
Source dovecot
Source Path /usr/sbin/dovecot
Port <Unknown>
Host trailrunner
Source RPM Packages dovecot-1.0.7-7.el5
Target RPM Packages
Policy RPM selinux-policy-2.4.6-203.el5
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name trailrunner
Platform Linux trailrunner 2.6.18-128.1.6.el5xen
#1 SMP Wed
Apr 1 10:38:05 EDT 2009 i686 athlon
Alert Count 2
First Seen Wed Apr 29 15:39:51 2009
Last Seen Wed Apr 29 15:47:31 2009
Local ID e1b070ab-586a-4c5a-befe-b6a46b9ab992
Line Numbers

Raw Audit Messages
host=trailrunner type=AVC msg=audit(1241041651.976:33): avc: denied
{ create } for pid884 comm="dovecot"
scontext=system_u:system_r:dovecot_t:s0
tcontext=system_u:system_r:dovecot_t:s0 tclass=socket
host=trailrunner type=SYSCALL msg=audit(1241041651.976:33):
arch=40000003 syscall2 success=no exit=-13 a0=1 a1=bf851070
a2=9e45030 a3=3e1 items=0 ppid883 pid884 auid=4294967295 uid=0
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm="dovecot" exe="/usr/sbin/dovecot"
subj=system_u:system_r:dovecot_t:s0 key=(null)

The Raw Audit Message for Procmail is:
Source Context system_u:system_r:procmail_t:s0
Target Context system_u:object_r:spamc_exec_t:s0
Target Objects ./spamc [ file ]
Source procmail
Source Path /usr/bin/procmail
Port <Unknown>
Host trailrunner
Source RPM Packages procmail-3.22-17.1.el5.centos
Target RPM Packages
Policy RPM selinux-policy-2.4.6-203.el5
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name trailrunner
Platform Linux trailrunner 2.6.18-128.1.6.el5xen
#1 SMP Wed
Apr 1 10:38:05 EDT 2009 i686 athlon
Alert Count 29
First Seen Wed Apr 29 15:40:40 2009
Last Seen Wed Apr 29 16:25:40 2009
Local ID 0a554689-4948-4edf-9964-dddbfe6a2492
Line Numbers

Raw Audit Messages
host=trailrunner type=AVC msg=audit(1241043940.918:166): avc:
denied { execute } for pid344 comm="procmail" name="spamc"
dev=dm-0 ino762675 scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:object_r:spamc_exec_t:s0 tclass=file
host=trailrunner type=SYSCALL msg=audit(1241043940.918:166):
arch=40000003 syscall success=no exit=-13 a0=8ef1d90 a1=8ef1020
a2=8ef32d8 a3=1 items=0 ppid343 pid344 auid=4294967295 uid=0
gid euid=0 suid=0 fsuid=0 egid sgid fsgid tty=(none)
ses=4294967295 comm="procmail" exe="/usr/bin/procmail"
subj=system_u:system_r:procmail_t:s0 key=(null)








  • Andrew Colin Kissa at Apr 30, 2009 at 2:43 pm
    Hi

    Dovecot is trying to open a socket, and procmail is trying to execute
    spamc. You should be able to fix these issues using audit2allow.

    Andrew.
    _______________________________________________
    CentOS mailing list
    CentOS at centos.org
    http://lists.centos.org/mailman/listinfo/centos
  • Dan Roberts at Apr 30, 2009 at 2:50 pm
    Ok, but how?

    There appear to be a lot of different options when employing
    audit2allow and I am reluctant to start blazing away trying different
    elements. I am missing the details of what socket and how the
    execution is occurring so that I can begin to develop the proper
    audit2allow sequence.



  • Andrew Colin Kissa at Apr 30, 2009 at 3:11 pm
    The audit.log should contain more detail than is being provided here.
    If it is a unix socket you should see the path; I suspect it is the
    unix socket, not the tcp sockets (pop3/imap).

  • Ned Slider at Apr 30, 2009 at 7:38 pm

    Dan Roberts wrote:
    > Ok, but how?

    http://wiki.centos.org/HowTos/SELinux
  • Dan Roberts at Apr 30, 2009 at 11:38 pm
    Thanks - this is helpful but still not quite a fix. The suggested
    fixes seem general for the three issues of dovecot, nmbd, and spamc -
    but audit2allow does at least create them.

    [dan@trailrunner ~]$ cat dovecotsocketselinux.te

    module dovecotsocketselinux 1.0;

    require {
            type dovecot_t;
            class socket create;
    }

    #============= dovecot_t ==============
    allow dovecot_t self:socket create;
    [dan@trailrunner ~]$
    [dan@trailrunner ~]$
    [dan@trailrunner ~]$ cat nmbdselinux.te

    module nmbdselinux 1.0;

    require {
            type samba_share_t;
            type nmbd_t;
            class file { rename getattr unlink append };
            class dir { search setattr };
    }

    #============= nmbd_t ==============
    allow nmbd_t samba_share_t:dir { search setattr };
    allow nmbd_t samba_share_t:file { rename getattr unlink append };
    [dan@trailrunner ~]$
    [dan@trailrunner ~]$
    [dan@trailrunner ~]$ cat spamcselinux.te

    module spamcselinux 1.0;

    require {
            type spamc_exec_t;
            type procmail_t;
            class file { read execute execute_no_trans };
    }

    #============= procmail_t ==============
    allow procmail_t spamc_exec_t:file { read execute execute_no_trans };
    [dan@trailrunner ~]$

    The problem is that when these are installed, dovecot fails - port 993
    already in use.

    So now what - again, default CentOS options and configuration for all
    three of these.
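
The step from a raw AVC record to the allow rules in the modules posted above, as an added Python example (not code from the thread and not the audit2allow implementation): it reads the source type, target type, object class and permissions out of each denial and renders a `.te` module of the same shape. The sample log lines are constructed from the denials quoted in the thread; the pid and ino values, the third record's timestamp and the module name `localmail` are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample input: the denials reported in the thread, one record per
# line. pid/ino values and the later timestamps are placeholders (the page's
# copies are garbled or absent); contexts, classes and permissions are the
# ones shown in the thread.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1241041651.976:33): avc:  denied  { create } for  pid=1001 comm="dovecot" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:system_r:dovecot_t:s0 tclass=socket
type=SYSCALL msg=audit(1241041651.976:33): arch=40000003 success=no exit=-13 comm="dovecot" exe="/usr/sbin/dovecot"
type=AVC msg=audit(1241043940.918:166): avc:  denied  { execute } for  pid=1002 comm="procmail" name="spamc" dev=dm-0 ino=1 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:spamc_exec_t:s0 tclass=file
type=AVC msg=audit(1241043941.000:167): avc:  denied  { read } for  pid=1003 comm="sh" name="spamc" dev=dm-0 ino=1 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:spamc_exec_t:s0 tclass=file
type=AVC msg=audit(1241043942.000:168): avc:  granted  { read } for  pid=1004 comm="sh" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

DENIED_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("not a security context: %r" % context)
    return parts[2]


def parse_denial(line):
    """Parse one audit line; return None unless it is a complete AVC denial."""
    if "type=AVC" not in line:
        return None
    match = DENIED_RE.search(line)
    if match is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(match.group(2))}
    try:
        return {
            "perms": match.group(1).split(),
            "source": context_type(fields["scontext"]),
            "target": context_type(fields["tcontext"]),
            "tclass": fields["tclass"],
            "comm": fields.get("comm"),
            "name": fields.get("name"),
        }
    except (KeyError, ValueError):
        return None  # truncated or garbled record: skip rather than guess


def collect_rules(log_text):
    """Merge denials into {(source_type, target_type, class): {perms}}."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        denial = parse_denial(line)
        if denial:
            key = (denial["source"], denial["target"], denial["tclass"])
            rules[key].update(denial["perms"])
    return dict(rules)


def perm_set(perms):
    """Format permissions as policy source: a bare name or { a b }."""
    perms = sorted(perms)
    return perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"


def render_te(module_name, rules):
    """Render a type enforcement (.te) module for the collected rules."""
    types, classes = set(), defaultdict(set)
    for (source, target, tclass), perms in rules.items():
        types.update((source, target))
        classes[tclass].update(perms)
    lines = ["module %s 1.0;" % module_name, "", "require {"]
    lines += ["\ttype %s;" % t for t in sorted(types)]
    lines += ["\tclass %s %s;" % (c, perm_set(p)) for c, p in sorted(classes.items())]
    lines += ["}", ""]
    for (source, target, tclass), perms in sorted(rules.items()):
        # A rule whose source and target type are equal is written with "self".
        tgt = "self" if target == source else target
        lines.append("allow %s %s:%s %s;" % (source, tgt, tclass, perm_set(perms)))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_te("localmail", collect_rules(SAMPLE_AUDIT_LOG)))
```

In enforcing mode the first denial stops the operation, so later checks such as the `execute_no_trans` in the spamc module above never reach the log; collecting denials in permissive mode exposes the full set. Every generated allow rule should be read before the module is loaded, since each one widens what the confined domain may do.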
  • Lanny Marcus at Apr 30, 2009 at 5:44 pm

    On Thu, Apr 30, 2009 at 9:07 AM, Dan Roberts wrote:
    > Following a hard drive corruption I have reinstalled the latest version of
    > CentOS and all current patch files.
    > For most applications I selected the default options. By doing this I
    > expected that the packages would play nice with one another and I could
    > customize as necessary.
    > Setting SELinux to enforce I encountered all sorts of problems - but most
    > were resolvable, save for Dovecot, Procmail (for spamc), and an odd one <snip>
    > take on making a local policy module I am quickly getting lost. The
    > option to simply disable SELinux with respect to Apache, Dovecot or
    > anything else is suggested - but not something I see in the GUI window, and
    > I have not figured out how to do it from the command line.

    Disabling SELinux is *not* recommended, by those who know, on this
    mailing list and in other places. Maybe drop it down from "Enforcing"
    to Permissive, until you get it configured properly.

    You might want to go to <http://www.nsa.gov/> and download the .pdf
    version of their manual about hardening RHEL 5. Look for the December
    20, 2007 version. On page 42, they begin discussing SELinux and how to
    configure/troubleshoot it. "Guide to the Secure Configuration of Red
    Hat Enterprise Linux 5". HTH and GL
  • Dan Roberts at Apr 30, 2009 at 8:32 pm
    I would like not to disable SELinux, and I have the guide from the
    NSA. But try as I might these three things are being difficult.
    Given that it was a default install for them I have no idea how or why.

    Some Google searches and even the SELinux FAQ suggest remedy options
    that involve data that I just don't seem to have - that's where the
    expertise of someone who has had to deal with something similar would
    be very helpful.


Discussion Overview
group: centos
categories: centos
posted: Apr 30, '09 at 2:07p
active: Apr 30, '09 at 11:38p
posts: 8
users: 4
website: centos.org
irc: #centos
