Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 304022 Details for
Bug 444342
sealert: Input is not proper UTF-8, indicate encoding
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
/var/lib/setroubleshoot/audit_listener_database.xml
audit_listener_database.xml.txt (text/plain), 50.26 KB, created by
Robert Scheck
on 2008-04-28 18:27:35 UTC
(
hide
)
Description:
/var/lib/setroubleshoot/audit_listener_database.xml
Filename:
MIME Type:
Creator:
Robert Scheck
Created:
2008-04-28 18:27:35 UTC
Size:
50.26 KB
patch
obsolete
><?xml version="1.0" encoding="utf-8"?> ><sigs version="3.0"> > <signature_list> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="tux" milli="723" seconds="1209313076" serial="194465"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { read } for pid=1147 comm="spamassassin" path="/var/spool/mqueue/dfm3RGHqqw001141" dev=cciss/c0d0p2 ino=1097746 scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=file</body_text> > <event_id host="tux" milli="723" seconds="1209313076" serial="194465"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=11 success=yes exit=0 a0=bfbd67a4 a1=94f4578 a2=94f4530 a3=94f45cf items=0 ppid=1146 pid=1147 auid=500 uid=500 gid=100 euid=500 suid=500 fsuid=500 egid=100 sgid=100 fsgid=100 tty=(none) comm="spamassassin" exe="/usr/bin/perl" subj=system_u:system_r:spamassassin_t:s0 key=(null)</body_text> > <event_id host="tux" milli="723" seconds="1209313076" serial="194465"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>tux</hostname> > <kernel>2.6.24.3-12.fc8 i686</kernel> > <platform>Fedora release 9 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-42</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux tux 2.6.24.3-12.fc8 #1 SMP Tue Feb 26 14:58:29 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-04-27T16:17:56Z</first_seen_date> > <host>tux</host> > <last_seen_date>2008-04-27T16:17:56Z</last_seen_date> > <local_id>79cb7dd4-07df-4803-8653-b4aa918bd7cb</local_id> > <report_count>1</report_count> > <scontext mls="s0" role="system_r" type="spamassassin_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>read</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>tux</host> > <scontext mls="s0" role="system_r" type="spamassassin_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="mqueue_spool_t" user="system_u"/> > <tpath>/var/spool/mqueue/dfm3RGHqqw001141</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for /var/spool/mqueue/dfm3RGHqqw001141, > <p> > restorecon -v '/var/spool/mqueue/dfm3RGHqqw001141' > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by spamassassin. It is not > expected that this access is required by spamassassin and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing spamassassin (spamassassin_t) "read" to /var/spool/mqueue/dfm3RGHqqw001141 (mqueue_spool_t). > ]]></summary> > </solution> > <source>spamassassin</source> > <spath>/usr/bin/perl</spath> > <src_rpm_list> > <rpm>perl-5.10.0-20</rpm> > </src_rpm_list> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="mqueue_spool_t" user="system_u"/> > <tpath>/var/spool/mqueue/dfm3RGHqqw001141</tpath> > <users> > <user delete_flag="False" seen_flag="False" username="email:root@tux"> > <filter> > <count>1</count> > <filter_type>8</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>catchall</analysis_id> > <audit_event> > <event_id host="tux" milli="443" seconds="1209319733" serial="194704"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { search } for pid=14087 comm="sshd" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0 tclass=key</body_text> > <event_id host="tux" milli="443" seconds="1209319733" serial="194704"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=288 success=yes exit=0 a0=3 a1=d345f76 a2=0 a3=64 items=0 ppid=4271 pid=14087 auid=500 uid=0 gid=0 euid=500 suid=500 fsuid=500 egid=100 sgid=100 fsgid=100 tty=(none) comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)</body_text> > <event_id host="tux" milli="443" seconds="1209319733" serial="194704"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>tux</hostname> > <kernel>2.6.24.3-12.fc8 i686</kernel> > <platform>Fedora release 9 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-42</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux tux 2.6.24.3-12.fc8 #1 SMP Tue Feb 26 14:58:29 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-04-27T17:31:00Z</first_seen_date> > <host>tux</host> > <last_seen_date>2008-04-27T18:08:53Z</last_seen_date> > <local_id>3bf9b613-7588-4dec-a917-2b88fbc7886e</local_id> > <report_count>2</report_count> > <scontext mls="s0-s0:c0.c1023" role="system_r" type="sshd_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>search</operation> > </access> > <analysis_id>catchall</analysis_id> > <host>tux</host> > <scontext mls="s0-s0:c0.c1023" role="system_r" type="sshd_t" user="system_u"/> > <tclass>key</tclass> > <tcontext mls="s0" role="system_r" type="initrc_t" user="system_u"/> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sie können ein lokales Richtlinienmodul generieren, um diesen Zugriff > zu erlauben - siehe <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Sie können den SELinux-Schutz auch komplett deaktivieren. > Dies wird jedoch nicht empfohlen. > Bitte reichen Sie einen <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">Bug-Report</a> > für dieses Paket ein. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by sshd. It is not > expected that this access is required by sshd and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing sshd (sshd_t) "search" to <Unbekannt> (initrc_t). > ]]></summary> > </solution> > <source>sshd</source> > <spath>/usr/sbin/sshd</spath> > <src_rpm_list> > <rpm>openssh-server-5.0p1-1</rpm> > </src_rpm_list> > <tclass>key</tclass> > <tcontext mls="s0" role="system_r" type="initrc_t" user="system_u"/> > <users> > <user delete_flag="False" seen_flag="False" username="email:root@tux"> > <filter> > <count>2</count> > <filter_type>8</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>catchall</analysis_id> > <audit_event> > <event_id host="tux" milli="198" seconds="1209326785" serial="194900"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { write } for pid=27107 comm="spamassassin" path="pipe:[45475576]" dev=pipefs ino=45475576 scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=fifo_file</body_text> > <event_id host="tux" milli="198" seconds="1209326785" serial="194900"/> > </audit_record> > <audit_record record_type="AVC"> > <body_text>avc: denied { read write } for pid=27107 comm="spamassassin" path="socket:[45475524]" dev=sockfs ino=45475524 scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=unix_stream_socket</body_text> > <event_id host="tux" milli="198" seconds="1209326785" serial="194900"/> > </audit_record> > <audit_record record_type="AVC"> > <body_text>avc: denied { read } for pid=27107 comm="spamassassin" path="/var/spool/mqueue/dfm3RK6LOp027099" dev=cciss/c0d0p2 ino=1097746 scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=file</body_text> > <event_id host="tux" milli="198" seconds="1209326785" serial="194900"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=11 success=yes exit=0 a0=bfac5524 a1=a008020 a2=a00acf8 a3=a00adaf items=0 ppid=27106 pid=27107 auid=500 uid=500 gid=100 euid=500 suid=500 fsuid=500 egid=100 sgid=100 fsgid=100 tty=(none) comm="spamassassin" exe="/usr/bin/perl" subj=system_u:system_r:spamassassin_t:s0 key=(null)</body_text> > <event_id host="tux" milli="198" seconds="1209326785" serial="194900"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>tux</hostname> > <kernel>2.6.24.3-12.fc8 i686</kernel> > <platform>Fedora release 9 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-42</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux tux 2.6.24.3-12.fc8 #1 SMP Tue Feb 26 14:58:29 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-04-27T16:17:42Z</first_seen_date> > <host>tux</host> > <last_seen_date>2008-04-27T20:06:25Z</last_seen_date> > <local_id>9f549b23-78d9-438e-92e0-dc5af5e8d6e7</local_id> > <report_count>8</report_count> > <scontext mls="s0" role="system_r" type="spamassassin_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>write</operation> > </access> > <analysis_id>catchall</analysis_id> > <host>tux</host> > <scontext mls="s0" role="system_r" type="spamassassin_t" user="system_u"/> > <tclass>fifo_file</tclass> > <tcontext mls="s0" role="system_r" type="sendmail_t" user="system_u"/> > <tpath>pipe</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sie können ein lokales Richtlinienmodul generieren, um diesen Zugriff > zu erlauben - siehe <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Sie können den SELinux-Schutz auch komplett deaktivieren. > Dies wird jedoch nicht empfohlen. > Bitte reichen Sie einen <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">Bug-Report</a> > für dieses Paket ein. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by spamassassin. It is not > expected that this access is required by spamassassin and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing spamassassin (spamassassin_t) "write" to pipe (sendmail_t). > ]]></summary> > </solution> > <source>spamassassin</source> > <spath>/usr/bin/perl</spath> > <src_rpm_list> > <rpm>perl-5.10.0-20</rpm> > </src_rpm_list> > <tclass>fifo_file</tclass> > <tcontext mls="s0" role="system_r" type="sendmail_t" user="system_u"/> > <tpath>pipe</tpath> > <users> > <user delete_flag="False" seen_flag="False" username="email:root@tux"> > <filter> > <count>8</count> > <filter_type>8</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>catchall</analysis_id> > <audit_event> > <event_id host="tux" milli="204" seconds="1209326785" serial="194901"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { ioctl } for pid=27107 comm="spamassassin" path="pipe:[45475576]" dev=pipefs ino=45475576 scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=fifo_file</body_text> > <event_id host="tux" milli="204" seconds="1209326785" serial="194901"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=54 success=no exit=-22 a0=2 a1=5401 a2=bf997158 a3=bf997198 items=0 ppid=27106 pid=27107 auid=500 uid=500 gid=100 euid=500 suid=500 fsuid=500 egid=100 sgid=100 fsgid=100 tty=(none) comm="spamassassin" exe="/usr/bin/perl" subj=system_u:system_r:spamassassin_t:s0 key=(null)</body_text> > <event_id host="tux" milli="204" seconds="1209326785" serial="194901"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>tux</hostname> > <kernel>2.6.24.3-12.fc8 i686</kernel> > <platform>Fedora release 9 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-42</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux tux 2.6.24.3-12.fc8 #1 SMP Tue Feb 26 14:58:29 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-04-27T16:17:42Z</first_seen_date> > <host>tux</host> > <last_seen_date>2008-04-27T20:06:25Z</last_seen_date> > <local_id>3de421ba-587d-46a0-bb7f-29bac71e42c8</local_id> > <report_count>8</report_count> > <scontext mls="s0" role="system_r" type="spamassassin_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>ioctl</operation> > </access> > <analysis_id>catchall</analysis_id> > <host>tux</host> > <scontext mls="s0" role="system_r" type="spamassassin_t" user="system_u"/> > <tclass>fifo_file</tclass> > <tcontext mls="s0" role="system_r" type="sendmail_t" user="system_u"/> > <tpath>pipe</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sie können ein lokales Richtlinienmodul generieren, um diesen Zugriff > zu erlauben - siehe <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Sie können den SELinux-Schutz auch komplett deaktivieren. > Dies wird jedoch nicht empfohlen. > Bitte reichen Sie einen <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">Bug-Report</a> > für dieses Paket ein. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by spamassassin. It is not > expected that this access is required by spamassassin and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing spamassassin (spamassassin_t) "ioctl" to pipe (sendmail_t). > ]]></summary> > </solution> > <source>spamassassin</source> > <spath>/usr/bin/perl</spath> > <src_rpm_list> > <rpm>perl-5.10.0-20</rpm> > </src_rpm_list> > <tclass>fifo_file</tclass> > <tcontext mls="s0" role="system_r" type="sendmail_t" user="system_u"/> > <tpath>pipe</tpath> > <users> > <user delete_flag="False" seen_flag="False" username="email:root@tux"> > <filter> > <count>8</count> > <filter_type>8</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="tux" milli="699" seconds="1209326785" serial="194902"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { read } for pid=27107 comm="spamassassin" name="3.002004" dev=cciss/c0d0p2 ino=213165 scontext=system_u:system_r:spamassassin_t:s0 tcontext=unconfined_u:object_r:spamd_var_lib_t:s0 tclass=dir</body_text> > <event_id host="tux" milli="699" seconds="1209326785" serial="194902"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=5 success=yes exit=3 a0=aabf574 a1=98800 a2=bf9974a8 a3=aa1e6d4 items=0 ppid=27106 pid=27107 auid=500 uid=500 gid=100 euid=500 suid=500 fsuid=500 egid=100 sgid=100 fsgid=100 tty=(none) comm="spamassassin" exe="/usr/bin/perl" subj=system_u:system_r:spamassassin_t:s0 key=(null)</body_text> > <event_id host="tux" milli="699" seconds="1209326785" serial="194902"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>tux</hostname> > <kernel>2.6.24.3-12.fc8 i686</kernel> > <platform>Fedora release 9 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-42</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux tux 2.6.24.3-12.fc8 #1 SMP Tue Feb 26 14:58:29 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-04-27T16:17:42Z</first_seen_date> > <host>tux</host> > <last_seen_date>2008-04-27T20:06:25Z</last_seen_date> > <local_id>331f1cff-b1c0-403c-ae34-957ce262cd2b</local_id> > <report_count>9</report_count> > <scontext mls="s0" role="system_r" type="spamassassin_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>read</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>tux</host> > <scontext mls="s0" role="system_r" type="spamassassin_t" user="system_u"/> > <tclass>dir</tclass> > <tcontext mls="s0" role="object_r" type="spamd_var_lib_t" user="unconfined_u"/> > <tpath>./3.002004</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for ./3.002004, > <p> > restorecon -v './3.002004' > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by spamassassin. It is not > expected that this access is required by spamassassin and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing spamassassin (spamassassin_t) "read" to ./3.002004 (spamd_var_lib_t). > ]]></summary> > </solution> > <source>spamassassin</source> > <spath>/usr/bin/perl</spath> > <src_rpm_list> > <rpm>perl-5.10.0-20</rpm> > </src_rpm_list> > <tclass>dir</tclass> > <tcontext mls="s0" role="object_r" type="spamd_var_lib_t" user="unconfined_u"/> > <tpath>./3.002004</tpath> > <users> > <user delete_flag="False" seen_flag="False" username="email:root@tux"> > <filter> > <count>9</count> > <filter_type>8</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="tux" milli="700" seconds="1209326785" serial="194903"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { getattr } for pid=27107 comm="spamassassin" path="/var/lib/spamassassin/3.002004/updates_spamassassin_org.cf" dev=cciss/c0d0p2 ino=213284 scontext=system_u:system_r:spamassassin_t:s0 tcontext=unconfined_u:object_r:spamd_var_lib_t:s0 tclass=file</body_text> > <event_id host="tux" milli="700" seconds="1209326785" serial="194903"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=195 success=yes exit=0 a0=a2bbb7c a1=a0420c0 a2=5aeff4 a3=a2bbb7c items=0 ppid=27106 pid=27107 auid=500 uid=500 gid=100 euid=500 suid=500 fsuid=500 egid=100 sgid=100 fsgid=100 tty=(none) comm="spamassassin" exe="/usr/bin/perl" subj=system_u:system_r:spamassassin_t:s0 key=(null)</body_text> > <event_id host="tux" milli="700" seconds="1209326785" serial="194903"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>tux</hostname> > <kernel>2.6.24.3-12.fc8 i686</kernel> > <platform>Fedora release 9 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-42</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux tux 2.6.24.3-12.fc8 #1 SMP Tue Feb 26 14:58:29 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-04-27T16:17:42Z</first_seen_date> > <host>tux</host> > <last_seen_date>2008-04-27T20:06:25Z</last_seen_date> > <local_id>1c6f10b8-e4c2-42b3-ba69-cbb34f157fed</local_id> > <report_count>10</report_count> > <scontext mls="s0" role="system_r" type="spamassassin_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>getattr</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>tux</host> > <scontext mls="s0" role="system_r" type="spamassassin_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="spamd_var_lib_t" user="unconfined_u"/> > <tpath>/var/lib/spamassassin/3.002004/updates_spamassassin_org.cf</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for /var/lib/spamassassin/3.002004/updates_spamassassin_org.cf, > <p> > restorecon -v '/var/lib/spamassassin/3.002004/updates_spamassassin_org.cf' > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by spamassassin. It is not > expected that this access is required by spamassassin and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing spamassassin (spamassassin_t) "getattr" to /var/lib/spamassassin/3.002004/updates_spamassassin_org.cf (spamd_var_lib_t). > ]]></summary> > </solution> > <source>spamassassin</source> > <spath>/usr/bin/perl</spath> > <src_rpm_list> > <rpm>perl-5.10.0-20</rpm> > </src_rpm_list> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="spamd_var_lib_t" user="unconfined_u"/> > <tpath>/var/lib/spamassassin/3.002004/updates_spamassassin_org.cf</tpath> > <users> > <user delete_flag="False" seen_flag="False" username="email:root@tux"> > <filter> > <count>10</count> > <filter_type>8</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="tux" milli="700" seconds="1209326785" serial="194905"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { ioctl } for pid=27107 comm="spamassassin" path="/var/lib/spamassassin/3.002004/updates_spamassassin_org.cf" dev=cciss/c0d0p2 ino=213284 scontext=system_u:system_r:spamassassin_t:s0 tcontext=unconfined_u:object_r:spamd_var_lib_t:s0 tclass=file</body_text> > <event_id host="tux" milli="700" seconds="1209326785" serial="194905"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bf997118 a3=bf997158 items=0 ppid=27106 pid=27107 auid=500 uid=500 gid=100 euid=500 suid=500 fsuid=500 egid=100 sgid=100 fsgid=100 tty=(none) comm="spamassassin" exe="/usr/bin/perl" subj=system_u:system_r:spamassassin_t:s0 key=(null)</body_text> > <event_id host="tux" milli="700" seconds="1209326785" serial="194905"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>tux</hostname> > <kernel>2.6.24.3-12.fc8 i686</kernel> > <platform>Fedora release 9 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-42</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux tux 2.6.24.3-12.fc8 #1 SMP Tue Feb 26 14:58:29 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-04-27T16:17:42Z</first_seen_date> > <host>tux</host> > <last_seen_date>2008-04-27T20:06:25Z</last_seen_date> > <local_id>ccde9948-7b93-409c-ac9f-d457abd1ac28</local_id> > <report_count>9</report_count> > <scontext mls="s0" role="system_r" type="spamassassin_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>ioctl</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>tux</host> > <scontext mls="s0" role="system_r" type="spamassassin_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="spamd_var_lib_t" user="unconfined_u"/> > <tpath>/var/lib/spamassassin/3.002004/updates_spamassassin_org.cf</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for /var/lib/spamassassin/3.002004/updates_spamassassin_org.cf, > <p> > restorecon -v '/var/lib/spamassassin/3.002004/updates_spamassassin_org.cf' > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by spamassassin. It is not > expected that this access is required by spamassassin and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing spamassassin (spamassassin_t) "ioctl" to /var/lib/spamassassin/3.002004/updates_spamassassin_org.cf (spamd_var_lib_t). > ]]></summary> > </solution> > <source>spamassassin</source> > <spath>/usr/bin/perl</spath> > <src_rpm_list> > <rpm>perl-5.10.0-20</rpm> > </src_rpm_list> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="spamd_var_lib_t" user="unconfined_u"/> > <tpath>/var/lib/spamassassin/3.002004/updates_spamassassin_org.cf</tpath> > <users> > <user delete_flag="False" seen_flag="False" username="email:root@tux"> > <filter> > <count>9</count> > <filter_type>8</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="tux" milli="700" seconds="1209326785" serial="194904"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { read } for pid=27107 comm="spamassassin" name="updates_spamassassin_org.cf" dev=cciss/c0d0p2 ino=213284 scontext=system_u:system_r:spamassassin_t:s0 tcontext=unconfined_u:object_r:spamd_var_lib_t:s0 tclass=file</body_text> > <event_id host="tux" milli="700" seconds="1209326785" serial="194904"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=5 success=yes exit=3 a0=aac2edc a1=8000 a2=0 a3=8000 items=0 ppid=27106 pid=27107 auid=500 uid=500 gid=100 euid=500 suid=500 fsuid=500 egid=100 sgid=100 fsgid=100 tty=(none) comm="spamassassin" exe="/usr/bin/perl" subj=system_u:system_r:spamassassin_t:s0 key=(null)</body_text> > <event_id host="tux" milli="700" seconds="1209326785" serial="194904"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>tux</hostname> > <kernel>2.6.24.3-12.fc8 i686</kernel> > <platform>Fedora release 9 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-42</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux tux 2.6.24.3-12.fc8 #1 SMP Tue Feb 26 14:58:29 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-04-27T16:17:42Z</first_seen_date> > <host>tux</host> > <last_seen_date>2008-04-27T20:06:25Z</last_seen_date> > <local_id>0449d4c8-eb86-4e5c-bf63-041474b08d0a</local_id> > <report_count>9</report_count> > <scontext mls="s0" role="system_r" type="spamassassin_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>read</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>tux</host> > <scontext mls="s0" role="system_r" type="spamassassin_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="spamd_var_lib_t" user="unconfined_u"/> > <tpath>./updates_spamassassin_org.cf</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for ./updates_spamassassin_org.cf, > <p> > restorecon -v './updates_spamassassin_org.cf' > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by spamassassin. It is not > expected that this access is required by spamassassin and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing spamassassin (spamassassin_t) "read" to ./updates_spamassassin_org.cf (spamd_var_lib_t). > ]]></summary> > </solution> > <source>spamassassin</source> > <spath>/usr/bin/perl</spath> > <src_rpm_list> > <rpm>perl-5.10.0-20</rpm> > </src_rpm_list> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="spamd_var_lib_t" user="unconfined_u"/> > <tpath>./updates_spamassassin_org.cf</tpath> > <users> > <user delete_flag="False" seen_flag="False" username="email:root@tux"> > <filter> > <count>9</count> > <filter_type>8</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="tux" milli="902" seconds="1209326786" serial="194906"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { read } for pid=27107 comm="spamassassin" name="stat" dev=proc ino=4026531853 scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file</body_text> > <event_id host="tux" milli="902" seconds="1209326786" serial="194906"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=5 success=yes exit=4 a0=5835fd a1=0 a2=1b6 a3=5835fd items=0 ppid=27106 pid=27107 auid=500 uid=500 gid=100 euid=500 suid=500 fsuid=500 egid=100 sgid=100 fsgid=100 tty=(none) comm="spamassassin" exe="/usr/bin/perl" subj=system_u:system_r:spamassassin_t:s0 key=(null)</body_text> > <event_id host="tux" milli="902" seconds="1209326786" serial="194906"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>tux</hostname> > <kernel>2.6.24.3-12.fc8 i686</kernel> > <platform>Fedora release 9 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-42</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux tux 2.6.24.3-12.fc8 #1 SMP Tue Feb 26 14:58:29 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-04-27T16:17:44Z</first_seen_date> > <host>tux</host> > <last_seen_date>2008-04-27T20:06:26Z</last_seen_date> > <local_id>f40cd304-5c9a-45cb-a2bf-241644136b81</local_id> > <report_count>8</report_count> > <scontext mls="s0" role="system_r" type="spamassassin_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>read</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>tux</host> > <scontext mls="s0" role="system_r" type="spamassassin_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="proc_t" user="system_u"/> > <tpath>./stat</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for ./stat, > <p> > restorecon -v './stat' > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by spamassassin. It is not > expected that this access is required by spamassassin and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing spamassassin (spamassassin_t) "read" to ./stat (proc_t). > ]]></summary> > </solution> > <source>spamassassin</source> > <spath>/usr/bin/perl</spath> > <src_rpm_list> > <rpm>perl-5.10.0-20</rpm> > </src_rpm_list> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="proc_t" user="system_u"/> > <tpath>./stat</tpath> > <users> > <user delete_flag="False" seen_flag="False" username="email:root@tux"> > <filter> > <count>8</count> > <filter_type>8</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="tux" milli="902" seconds="1209326786" serial="194907"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { getattr } for pid=27107 comm="spamassassin" path="/proc/stat" dev=proc ino=4026531853 scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file</body_text> > <event_id host="tux" milli="902" seconds="1209326786" serial="194907"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bf994e68 a2=5aeff4 a3=b03d700 items=0 ppid=27106 pid=27107 auid=500 uid=500 gid=100 euid=500 suid=500 fsuid=500 egid=100 sgid=100 fsgid=100 tty=(none) comm="spamassassin" exe="/usr/bin/perl" subj=system_u:system_r:spamassassin_t:s0 key=(null)</body_text> > <event_id host="tux" milli="902" seconds="1209326786" serial="194907"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>tux</hostname> > <kernel>2.6.24.3-12.fc8 i686</kernel> > <platform>Fedora release 9 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-42</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux tux 2.6.24.3-12.fc8 #1 SMP Tue Feb 26 14:58:29 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-04-27T16:17:44Z</first_seen_date> > <host>tux</host> > <last_seen_date>2008-04-27T20:06:26Z</last_seen_date> > <local_id>76f38e05-bfae-41bf-afbc-3b34d50de8ac</local_id> > <report_count>8</report_count> > <scontext mls="s0" role="system_r" type="spamassassin_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>getattr</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>tux</host> > <scontext mls="s0" role="system_r" type="spamassassin_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="proc_t" user="system_u"/> > <tpath>/proc/stat</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for /proc/stat, > <p> > restorecon -v '/proc/stat' > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by spamassassin. It is not > expected that this access is required by spamassassin and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing spamassassin (spamassassin_t) "getattr" to /proc/stat (proc_t). > ]]></summary> > </solution> > <source>spamassassin</source> > <spath>/usr/bin/perl</spath> > <src_rpm_list> > <rpm>perl-5.10.0-20</rpm> > </src_rpm_list> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="proc_t" user="system_u"/> > <tpath>/proc/stat</tpath> > <users> > <user delete_flag="False" seen_flag="False" username="email:root@tux"> > <filter> > <count>8</count> > <filter_type>8</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>catchall</analysis_id> > <audit_event> > <event_id host="tux" milli="925" seconds="1209326786" serial="194908"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { node_bind } for pid=27107 comm="spamassassin" src=43698 scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:object_r:inaddr_any_node_t:s0 tclass=udp_socket</body_text> > <event_id host="tux" milli="925" seconds="1209326786" serial="194908"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bf9974a0 a2=39b4d4 a3=10 items=0 ppid=27106 pid=27107 auid=500 uid=500 gid=100 euid=500 suid=500 fsuid=500 egid=100 sgid=100 fsgid=100 tty=(none) comm="spamassassin" exe="/usr/bin/perl" subj=system_u:system_r:spamassassin_t:s0 key=(null)</body_text> > <event_id host="tux" milli="925" seconds="1209326786" serial="194908"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>tux</hostname> > <kernel>2.6.24.3-12.fc8 i686</kernel> > <platform>Fedora release 9 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-42</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux tux 2.6.24.3-12.fc8 #1 SMP Tue Feb 26 14:58:29 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-04-27T16:17:51Z</first_seen_date> > <host>tux</host> > <last_seen_date>2008-04-27T20:06:26Z</last_seen_date> > <local_id>d69039c3-6f93-40e9-abd0-8658a98824f1</local_id> > <port>43698</port> > <report_count>5</report_count> > <scontext mls="s0" role="system_r" type="spamassassin_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>node_bind</operation> > </access> > <analysis_id>catchall</analysis_id> > <host>tux</host> > <scontext mls="s0" role="system_r" type="spamassassin_t" user="system_u"/> > <tclass>udp_socket</tclass> > <tcontext mls="s0" role="object_r" type="inaddr_any_node_t" user="system_u"/> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sie können ein lokales Richtlinienmodul generieren, um diesen Zugriff > zu erlauben - siehe <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Sie können den SELinux-Schutz auch komplett deaktivieren. > Dies wird jedoch nicht empfohlen. > Bitte reichen Sie einen <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">Bug-Report</a> > für dieses Paket ein. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by spamassassin. It is not > expected that this access is required by spamassassin and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing spamassassin (spamassassin_t) "node_bind" to <Unbekannt> (inaddr_any_node_t). > ]]></summary> > </solution> > <source>spamassassin</source> > <spath>/usr/bin/perl</spath> > <src_rpm_list> > <rpm>perl-5.10.0-20</rpm> > </src_rpm_list> > <tclass>udp_socket</tclass> > <tcontext mls="s0" role="object_r" type="inaddr_any_node_t" user="system_u"/> > <users> > <user delete_flag="False" seen_flag="False" username="email:root@tux"> > <filter> > <count>5</count> > <filter_type>8</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>bind_ports</analysis_id> > <audit_event> > <event_id host="tux" milli="938" seconds="1209326786" serial="194909"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { name_bind } for pid=27107 comm="spamassassin" src=1074 scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket</body_text> > <event_id host="tux" milli="938" seconds="1209326786" serial="194909"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bf9974a0 a2=39b4d4 a3=10 items=0 ppid=27106 pid=27107 auid=500 uid=500 gid=100 euid=500 suid=500 fsuid=500 egid=100 sgid=100 fsgid=100 tty=(none) comm="spamassassin" exe="/usr/bin/perl" subj=system_u:system_r:spamassassin_t:s0 key=(null)</body_text> > <event_id host="tux" milli="938" seconds="1209326786" serial="194909"/> > </audit_record> > </records> > </audit_event> > <category>Netzwerk-Ports</category> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>tux</hostname> > <kernel>2.6.24.3-12.fc8 i686</kernel> > <platform>Fedora release 9 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-42</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux tux 2.6.24.3-12.fc8 #1 SMP Tue Feb 26 14:58:29 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-04-27T16:17:44Z</first_seen_date> > <host>tux</host> > <last_seen_date>2008-04-27T20:06:26Z</last_seen_date> > <local_id>d1b11bb0-2ce8-4703-99b3-7c6b0b067be3</local_id> > <port>1074</port> > <report_count>8</report_count> > <scontext mls="s0" role="system_r" type="spamassassin_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>name_bind</operation> > </access> > <analysis_id>bind_ports</analysis_id> > <host>tux</host> > <scontext mls="s0" role="system_r" type="spamassassin_t" user="system_u"/> > <tclass>udp_socket</tclass> > <tcontext mls="s0" role="object_r" type="port_t" user="system_u"/> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > If you want to allow spamassassin to bind to this port > semanage port -a -t PORT_TYPE -p PROTOCOL 1074 > Where PORT_TYPE is a type that spamassassin_t can bind and PROTOCOL is udp or tcp. > ]]></fix_description> > <problem_description><![CDATA[ > SELinux has denied the spamassassin from binding to a network port 1074 which does not have an SELinux type associated with it. > If spamassassin is supposed to be allowed to listen on this port, you can use the semanage command to add this port to a port type that spamassassin_t can bind to. <i>semanage port -l</i> will list all port types. Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> against the selinux-policy package. >If spamassassin is not supposed > to bind to this port, this could signal a intrusion attempt. > If this system is running as an NIS Client, turning on the allow_ypbind boolean, may fix the problem. setsebool -P allow_ypbind=1. > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing the spamassassin (spamassassin_t) from binding to port 1074. > ]]></summary> > </solution> > <source>spamassassin</source> > <spath>/usr/bin/perl</spath> > <src_rpm_list> > <rpm>perl-5.10.0-20</rpm> > </src_rpm_list> > <tclass>udp_socket</tclass> > <tcontext mls="s0" role="object_r" type="port_t" user="system_u"/> > <users> > <user delete_flag="False" seen_flag="False" username="email:root@tux"> > <filter> > <count>8</count> > <filter_type>8</filter_type> > </filter> > </user> > </users> > </siginfo> > </signature_list> > <users version="1.0"/> ></sigs>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=304022">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 444342
: 304022