Attachment 880577 Details for Bug 1082456 – Output of sealert analysis

Output of sealert analysis

sealertlog.txt (text/plain), 8.99 KB, created by q893 on 2014-03-31 06:29:23 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: q893

Created: 2014-03-31 06:29:23 UTC

Size: 8.99 KB

patch

obsolete

>string index out of range
>'list' object has no attribute 'split'
>
>found 4 alerts in /var/log/audit/audit.log
>--------------------------------------------------------------------------------
>
>SELinux is preventing /usr/sbin/smtpctl from write access on the directory .
>
>*****  Plugin catchall (100. confidence) suggests   **************************
>
>If you believe that smtpctl should be allowed write access on the  directory by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep sendmail /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>
>Additional Information:
>Source Context                system_u:system_r:sendmail_t:s0
>Target Context                system_u:object_r:var_spool_t:s0
>Target Objects                 [ dir ]
>Source                        sendmail
>Source Path                   /usr/sbin/smtpctl
>Port                          <Unknown>
>Host                          <Unknown>
>Source RPM Packages           opensmtpd-5.4.2p1-1.fc20.x86_64
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.12.1-135.fc20.noarch
>Selinux Enabled               True
>Policy Type                   targeted
>Enforcing Mode                Enforcing
>Host Name                     desktop.homelan.home
>Platform                      Linux desktop.homelan.home 3.13.7-200.fc20.x86_64
>                              #1 SMP Mon Mar 24 22:01:49 UTC 2014 x86_64 x86_64
>Alert Count                   1
>First Seen                    2014-03-29 12:37:25 EET
>Last Seen                     2014-03-29 12:37:25 EET
>Local ID                      e25778cf-aa38-41b2-92f0-7d3543f53f2f
>
>Raw Audit Messages
>type=AVC msg=audit(1396089445.603:542): avc:  denied  { write } for  pid=6352 comm="sendmail" name="offline" dev="dm-1" ino=145160 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
>
>
>type=SYSCALL msg=audit(1396089445.603:542): arch=x86_64 syscall=open success=no exit=EACCES a0=7fff84a0b940 a1=c2 a2=180 a3=0 items=0 ppid=1 pid=6352 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=4294967295 tty=(none) comm=sendmail exe=/usr/sbin/smtpctl subj=system_u:system_r:sendmail_t:s0 key=(null)
>
>Hash: sendmail,sendmail_t,var_spool_t,dir,write
>
>--------------------------------------------------------------------------------
>
>SELinux is preventing /usr/sbin/smtpctl from write access on the sock_file .
>
>*****  Plugin catchall (100. confidence) suggests   **************************
>
>If you believe that smtpctl should be allowed write access on the  sock_file by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep sendmail /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>
>Additional Information:
>Source Context                system_u:system_r:sendmail_t:s0
>Target Context                system_u:object_r:var_run_t:s0
>Target Objects                 [ sock_file ]
>Source                        sendmail
>Source Path                   /usr/sbin/smtpctl
>Port                          <Unknown>
>Host                          <Unknown>
>Source RPM Packages           opensmtpd-5.4.2p1-1.fc20.x86_64
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.12.1-135.fc20.noarch
>Selinux Enabled               True
>Policy Type                   targeted
>Enforcing Mode                Enforcing
>Host Name                     desktop.homelan.home
>Platform                      Linux desktop.homelan.home 3.13.7-200.fc20.x86_64
>                              #1 SMP Mon Mar 24 22:01:49 UTC 2014 x86_64 x86_64
>Alert Count                   1
>First Seen                    2014-03-29 12:37:25 EET
>Last Seen                     2014-03-29 12:37:25 EET
>Local ID                      9365af5b-5021-4edc-ba68-f33673a42058
>
>Raw Audit Messages
>type=AVC msg=audit(1396089445.603:541): avc:  denied  { write } for  pid=6352 comm="sendmail" name="smtpd.sock" dev="tmpfs" ino=19074 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
>
>
>type=SYSCALL msg=audit(1396089445.603:541): arch=x86_64 syscall=connect success=no exit=EACCES a0=4 a1=7fff84a0bce0 a2=6e a3=0 items=0 ppid=1 pid=6352 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=4294967295 tty=(none) comm=sendmail exe=/usr/sbin/smtpctl subj=system_u:system_r:sendmail_t:s0 key=(null)
>
>Hash: sendmail,sendmail_t,var_run_t,sock_file,write
>
>--------------------------------------------------------------------------------
>
>SELinux is preventing /usr/sbin/smtpctl from write access on the sock_file .
>
>*****  Plugin catchall (100. confidence) suggests   **************************
>
>If you believe that smtpctl should be allowed write access on the  sock_file by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep sendmail /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>
>Additional Information:
>Source Context                system_u:system_r:system_mail_t:s0-s0:c0.c1023
>Target Context                system_u:object_r:var_run_t:s0
>Target Objects                 [ sock_file ]
>Source                        sendmail
>Source Path                   /usr/sbin/smtpctl
>Port                          <Unknown>
>Host                          <Unknown>
>Source RPM Packages           opensmtpd-5.4.2p1-1.fc20.x86_64
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.12.1-135.fc20.noarch
>Selinux Enabled               True
>Policy Type                   targeted
>Enforcing Mode                Enforcing
>Host Name                     desktop.homelan.home
>Platform                      Linux desktop.homelan.home 3.13.7-200.fc20.x86_64
>                              #1 SMP Mon Mar 24 22:01:49 UTC 2014 x86_64 x86_64
>Alert Count                   3
>First Seen                    2014-03-30 08:40:14 EEST
>Last Seen                     2014-03-31 08:48:12 EEST
>Local ID                      7969ef22-63b1-464c-90db-3e9083fadc68
>
>Raw Audit Messages
>type=AVC msg=audit(1396244892.906:388): avc:  denied  { write } for  pid=8053 comm="sendmail" name="smtpd.sock" dev="tmpfs" ino=20220 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
>
>
>type=SYSCALL msg=audit(1396244892.906:388): arch=x86_64 syscall=connect success=no exit=EACCES a0=4 a1=7fff7ef335b0 a2=6e a3=0 items=0 ppid=1 pid=8053 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=2 tty=(none) comm=sendmail exe=/usr/sbin/smtpctl subj=system_u:system_r:system_mail_t:s0-s0:c0.c1023 key=(null)
>
>Hash: sendmail,system_mail_t,var_run_t,sock_file,write
>
>--------------------------------------------------------------------------------
>
>SELinux is preventing /usr/sbin/smtpctl from write access on the directory .
>
>*****  Plugin catchall (100. confidence) suggests   **************************
>
>If you believe that smtpctl should be allowed write access on the  directory by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep sendmail /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>
>Additional Information:
>Source Context                system_u:system_r:system_mail_t:s0-s0:c0.c1023
>Target Context                system_u:object_r:var_spool_t:s0
>Target Objects                 [ dir ]
>Source                        sendmail
>Source Path                   /usr/sbin/smtpctl
>Port                          <Unknown>
>Host                          <Unknown>
>Source RPM Packages           opensmtpd-5.4.2p1-1.fc20.x86_64
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.12.1-135.fc20.noarch
>Selinux Enabled               True
>Policy Type                   targeted
>Enforcing Mode                Enforcing
>Host Name                     desktop.homelan.home
>Platform                      Linux desktop.homelan.home 3.13.7-200.fc20.x86_64
>                              #1 SMP Mon Mar 24 22:01:49 UTC 2014 x86_64 x86_64
>Alert Count                   3
>First Seen                    2014-03-30 08:40:14 EEST
>Last Seen                     2014-03-31 08:48:12 EEST
>Local ID                      0005fc3e-89a9-4621-ae39-eace9be6a18e
>
>Raw Audit Messages
>type=AVC msg=audit(1396244892.906:389): avc:  denied  { write } for  pid=8053 comm="sendmail" name="offline" dev="dm-1" ino=145160 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
>
>
>type=SYSCALL msg=audit(1396244892.906:389): arch=x86_64 syscall=open success=no exit=EACCES a0=7fff7ef33210 a1=c2 a2=180 a3=0 items=0 ppid=1 pid=8053 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=2 tty=(none) comm=sendmail exe=/usr/sbin/smtpctl subj=system_u:system_r:system_mail_t:s0-s0:c0.c1023 key=(null)
>
>Hash: sendmail,system_mail_t,var_spool_t,dir,write
>

Actions: View

Attachments on bug 1082456: 880577