Bug 1381234
Field | Value
---|---
Summary | SELinux is preventing /usr/bin/perl from 'create' accesses on the directory .spamassassin.
Product | Red Hat Enterprise Linux 7
Component | selinux-policy
Version | 7.3
Status | CLOSED ERRATA
Severity | low
Priority | low
Reporter | Brian J. Murrell <brian>
Assignee | Lukas Vrabec <lvrabec>
QA Contact | Milos Malik <mmalik>
CC | herrold, lvrabec, mgrepl, mmalik, plautrba, pvrabec, ssekidde
Target Milestone | rc
Keywords | Reopened
Hardware | All
OS | Linux
Doc Type | If docs needed, set a value
Last Closed | 2018-10-30 09:59:46 UTC
Type | Bug
Bug Blocks | 1393066
Description
Brian J. Murrell
2016-10-03 13:27:39 UTC
Could be a duplicate of bug #1379998? A few more once the above ones have been permitted: type=AVC msg=audit(1475511320.863:30671): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="user_prefs" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475511320.863:30671): arch=c000003e syscall=2 success=no exit=-13 a0=8761c50 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475511331.799:30672): avc: denied { read } for pid=1140 comm=7370616D64206368696C64 name=".razor" dev="dm-7" ino=24958 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir type=SYSCALL msg=audit(1475511331.799:30672): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=8d1ce80 a2=90800 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475511331.909:30673): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="servers.discovery.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475511331.909:30673): arch=c000003e syscall=2 success=no exit=-13 a0=7074e80 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475511331.909:30674): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" 
scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475511331.909:30674): arch=c000003e syscall=2 success=no exit=-13 a0=8d5bd20 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475511331.909:30675): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475511331.909:30675): arch=c000003e syscall=2 success=no exit=-13 a0=7074e80 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475511332.027:30676): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="server.c302.cloudmark.com.conf" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475511332.027:30676): arch=c000003e syscall=2 success=no exit=-13 a0=5370020 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475511332.196:30677): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475511332.196:30677): arch=c000003e syscall=2 success=no exit=-13 a0=85d87e0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 
auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475511332.196:30678): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475511332.196:30678): arch=c000003e syscall=2 success=no exit=-13 a0=8f05600 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475511332.585:30679): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="auto-whitelist.lock.server.interlinx.bc.ca.1140" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475511332.585:30679): arch=c000003e syscall=2 success=no exit=-13 a0=8c952d0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475525406.178:31411): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="user_prefs" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475525406.178:31411): arch=c000003e syscall=2 success=no exit=-13 a0=94c52b0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475525420.363:31412): 
avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="razor-agent.log" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475525420.363:31412): arch=c000003e syscall=2 success=no exit=-13 a0=a046cb0 a1=441 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475525420.369:31413): avc: denied { read } for pid=1140 comm=7370616D64206368696C64 name=".razor" dev="dm-7" ino=24958 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir type=SYSCALL msg=audit(1475525420.369:31413): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=5353580 a2=90800 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475525420.535:31414): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="servers.discovery.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475525420.535:31414): arch=c000003e syscall=2 success=no exit=-13 a0=9f8bf30 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475525420.536:31415): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475525420.536:31415): 
arch=c000003e syscall=2 success=no exit=-13 a0=8b08de0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475525420.536:31416): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475525420.536:31416): arch=c000003e syscall=2 success=no exit=-13 a0=9f8bf30 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475525420.684:31417): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="server.c302.cloudmark.com.conf" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475525420.684:31417): arch=c000003e syscall=2 success=no exit=-13 a0=a046680 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475525420.835:31418): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475525420.835:31418): arch=c000003e syscall=2 success=no exit=-13 a0=9719140 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 
exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475525420.837:31419): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475525420.837:31419): arch=c000003e syscall=2 success=no exit=-13 a0=98d66c0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475525421.181:31420): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="auto-whitelist.lock.server.interlinx.bc.ca.1140" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475525421.181:31420): arch=c000003e syscall=2 success=no exit=-13 a0=99c3330 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475525421.439:31421): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="bayes.lock.server.interlinx.bc.ca.1140" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475525421.439:31421): arch=c000003e syscall=2 success=no exit=-13 a0=a1e8f60 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475539833.371:32073): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="user_prefs" 
scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475539833.371:32073): arch=c000003e syscall=2 success=no exit=-13 a0=3d577a0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475539844.333:32074): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="razor-agent.log" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475539844.333:32074): arch=c000003e syscall=2 success=no exit=-13 a0=ba85060 a1=441 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475539844.335:32075): avc: denied { read } for pid=1140 comm=7370616D64206368696C64 name=".razor" dev="dm-7" ino=24958 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir type=SYSCALL msg=audit(1475539844.335:32075): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=b946a60 a2=90800 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475539844.448:32076): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="servers.discovery.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475539844.448:32076): arch=c000003e syscall=2 success=no exit=-13 a0=b81c7d0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 
auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475539844.448:32077): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475539844.448:32077): arch=c000003e syscall=2 success=no exit=-13 a0=b1edb00 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475539844.449:32078): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475539844.449:32078): arch=c000003e syscall=2 success=no exit=-13 a0=b81c7d0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475539844.601:32079): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="server.c301.cloudmark.com.conf" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475539844.601:32079): arch=c000003e syscall=2 success=no exit=-13 a0=bafe940 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475539844.738:32080): avc: 
denied { create } for pid=1140 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475539844.738:32080): arch=c000003e syscall=2 success=no exit=-13 a0=b8f5320 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475539844.738:32081): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475539844.738:32081): arch=c000003e syscall=2 success=no exit=-13 a0=bbf7090 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475539844.930:32082): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="auto-whitelist.lock.server.interlinx.bc.ca.1140" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475539844.930:32082): arch=c000003e syscall=2 success=no exit=-13 a0=b825fe0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475555307.969:32917): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="user_prefs" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475555307.969:32917): 
arch=c000003e syscall=2 success=no exit=-13 a0=c51b150 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475555321.988:32918): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="razor-agent.log" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475555321.988:32918): arch=c000003e syscall=2 success=no exit=-13 a0=e23b830 a1=441 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475555321.998:32919): avc: denied { read } for pid=1140 comm=7370616D64206368696C64 name=".razor" dev="dm-7" ino=24958 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir type=SYSCALL msg=audit(1475555321.998:32919): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=e574cd0 a2=90800 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475555322.169:32920): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="servers.discovery.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475555322.169:32920): arch=c000003e syscall=2 success=no exit=-13 a0=d2d4490 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 
exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475555322.170:32921): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475555322.170:32921): arch=c000003e syscall=2 success=no exit=-13 a0=b97fab0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475555322.171:32922): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475555322.171:32922): arch=c000003e syscall=2 success=no exit=-13 a0=d2d4490 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475555322.321:32923): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="server.c301.cloudmark.com.conf" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475555322.321:32923): arch=c000003e syscall=2 success=no exit=-13 a0=decb080 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475555322.444:32924): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" scontext=system_u:system_r:spamd_t:s0 
tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475555322.444:32924): arch=c000003e syscall=2 success=no exit=-13 a0=e08b8a0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475555322.444:32925): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475555322.444:32925): arch=c000003e syscall=2 success=no exit=-13 a0=c2e8b00 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475555323.031:32926): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="auto-whitelist.lock.server.interlinx.bc.ca.1140" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475555323.031:32926): arch=c000003e syscall=2 success=no exit=-13 a0=e48eef0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475555323.352:32927): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="bayes.lock.server.interlinx.bc.ca.1140" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475555323.352:32927): arch=c000003e syscall=2 success=no exit=-13 a0=d3eb440 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 
auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475568433.669:33573): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="user_prefs" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475568433.669:33573): arch=c000003e syscall=2 success=no exit=-13 a0=9cf7490 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475568443.925:33574): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="razor-agent.log" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475568443.925:33574): arch=c000003e syscall=2 success=no exit=-13 a0=784fdf0 a1=441 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475568443.928:33575): avc: denied { read } for pid=1140 comm=7370616D64206368696C64 name=".razor" dev="dm-7" ino=24958 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir type=SYSCALL msg=audit(1475568443.928:33575): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=c5867f0 a2=90800 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475568444.172:33576): avc: denied { create 
} for pid=1140 comm=7370616D64206368696C64 name="auto-whitelist.lock.server.interlinx.bc.ca.1140" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475568444.172:33576): arch=c000003e syscall=2 success=no exit=-13 a0=d836940 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475568444.379:33577): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="bayes.lock.server.interlinx.bc.ca.1140" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475568444.379:33577): arch=c000003e syscall=2 success=no exit=-13 a0=d8a1de0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475582967.056:34258): avc: denied { create } for pid=28374 comm=7370616D64206368696C64 name="user_prefs" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475582967.056:34258): arch=c000003e syscall=2 success=no exit=-13 a0=3129000 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=28374 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475582978.526:34259): avc: denied { create } for pid=28374 comm=7370616D64206368696C64 name="razor-agent.log" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475582978.526:34259): arch=c000003e 
syscall=2 success=no exit=-13 a0=6c64f50 a1=441 a2=1b6 a3=0 items=0 ppid=28370 pid=28374 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475582978.529:34260): avc: denied { read } for pid=28374 comm=7370616D64206368696C64 name=".razor" dev="dm-7" ino=24958 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir type=SYSCALL msg=audit(1475582978.529:34260): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=49fa570 a2=90800 a3=0 items=0 ppid=28370 pid=28374 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475582978.630:34261): avc: denied { create } for pid=28374 comm=7370616D64206368696C64 name="servers.discovery.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475582978.630:34261): arch=c000003e syscall=2 success=no exit=-13 a0=6be1910 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=28374 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475582978.630:34262): avc: denied { create } for pid=28374 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475582978.630:34262): arch=c000003e syscall=2 success=no exit=-13 a0=6be1ff0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=28374 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 
exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475582978.630:34263): avc: denied { create } for pid=28374 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475582978.630:34263): arch=c000003e syscall=2 success=no exit=-13 a0=6be1910 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=28374 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475582978.755:34264): avc: denied { create } for pid=28374 comm=7370616D64206368696C64 name="server.c301.cloudmark.com.conf" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475582978.755:34264): arch=c000003e syscall=2 success=no exit=-13 a0=4a14e20 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=28374 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475582978.867:34265): avc: denied { create } for pid=28374 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475582978.867:34265): arch=c000003e syscall=2 success=no exit=-13 a0=65a6fa0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=28374 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475582978.868:34266): avc: denied { create } for pid=28374 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" 
scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475582978.868:34266): arch=c000003e syscall=2 success=no exit=-13 a0=6f2d8a0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=28374 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475582979.165:34267): avc: denied { create } for pid=28374 comm=7370616D64206368696C64 name="auto-whitelist.lock.server.interlinx.bc.ca.28374" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475582979.165:34267): arch=c000003e syscall=2 success=no exit=-13 a0=6e2d3f0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=28374 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475582979.380:34268): avc: denied { create } for pid=28374 comm=7370616D64206368696C64 name="bayes.lock.server.interlinx.bc.ca.28374" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475582979.380:34268): arch=c000003e syscall=2 success=no exit=-13 a0=6bcb550 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=28374 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)

This is happening on a 7.2 system, not 7.3.
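The denial records quoted in this report arrive run together on one line, with `comm=` hex-encoded. The following is an added example, not part of the original bug comments or of any Red Hat tooling: it splits such a stream back into records, decodes the hex fields, and groups the denied permissions by source type, target type and object class. The function names are hypothetical, and the sample input is abridged from the records on this page.

```python
import re
from collections import defaultdict

# Sample input: records abridged from the ones quoted in this report (dev=/ino=
# and most SYSCALL fields dropped), joined by spaces as they appear on the page.
COMM = "comm=7370616D64206368696C64"
CTX = ("scontext=system_u:system_r:spamd_t:s0 "
       "tcontext=system_u:object_r:logwatch_cache_t:s0")


def _avc(event, perm, pid, obj, tclass):
    """Build one sample AVC record in the layout auditd writes."""
    return (f"type=AVC msg=audit({event}): avc: denied {{ {perm} }} "
            f"for pid={pid} {COMM} {obj} {CTX} tclass={tclass}")


SAMPLE = " ".join([
    _avc("1475582978.529:34260", "read", 28374, 'name=".razor"', "dir"),
    _avc("1475582978.630:34261", "create", 28374,
         'name="servers.discovery.lst.lock"', "file"),
    "type=SYSCALL msg=audit(1475582978.630:34261): arch=c000003e syscall=2 "
    f'success=no exit=-13 {COMM} exe="/usr/bin/perl" key=(null)',
    _avc("1475669761.284:38755", "getattr", 1225,
         'path="/var/lib/logcheck/.spamassassin/user_prefs"', "file"),
    _avc("1475669808.559:38759", "append", 1225, 'name="razor-agent.log"', "file"),
    _avc("1475669808.567:38760", "open", 1225,
         'path="/var/lib/logcheck/.razor"', "dir"),
    _avc("1475712423.521:40956", "open", 1225,
         'path="/var/lib/logcheck/.spamassassin/user_prefs"', "file"),
])

# A record runs from its "type=... msg=audit(" header to the next header or EOF.
RECORD_RE = re.compile(
    r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*?)"
    r"(?=\s+type=\w+ msg=audit\(|\s*\Z)", re.S)
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)", re.S)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def decode_untrusted(value):
    """auditd quotes safe strings and hex-encodes those with spaces or control bytes."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value  # not hex (for example "(null)"): keep as written


def parse_denials(stream):
    """Return one dict per AVC denial, ordered by audit event (time, serial)."""
    denials = []
    for rtype, secs, serial, body in RECORD_RE.findall(stream):
        match = AVC_RE.match(body)
        if rtype != "AVC" or match is None:
            continue  # SYSCALL and other record types carry no permission set
        fields = dict(FIELD_RE.findall(match.group(2)))
        denials.append({
            "event": (float(secs), int(serial)),
            "perms": match.group(1).split(),
            "comm": decode_untrusted(fields.get("comm", "")),
            "object": decode_untrusted(fields.get("path") or fields.get("name", "")),
            "source": fields["scontext"].split(":")[2],  # type part of the context
            "target": fields["tcontext"].split(":")[2],
            "tclass": fields["tclass"],
        })
    return sorted(denials, key=lambda d: d["event"])


def summarize(denials):
    """Map (source type, target type, class) to the sorted denied permissions."""
    perms = defaultdict(set)
    for d in denials:
        perms[(d["source"], d["target"], d["tclass"])].update(d["perms"])
    return {key: sorted(value) for key, value in perms.items()}


def first_seen(denials):
    """List (permission, class) pairs in the order they first show up."""
    seen = []
    for d in denials:
        for perm in d["perms"]:
            if (perm, d["tclass"]) not in seen:
                seen.append((perm, d["tclass"]))
    return seen


if __name__ == "__main__":
    parsed = parse_denials(SAMPLE)
    print("process:", sorted({d["comm"] for d in parsed}))
    for (src, tgt, cls), perms in summarize(parsed).items():
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
    print("order of appearance:", first_seen(parsed))
```

The order returned by `first_seen` reflects what the comments describe: each batch of denials only becomes visible once the earlier ones have been allowed.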
The latest AVCs since allowing the previous ones above:

type=AVC msg=audit(1475669761.284:38755): avc: denied { getattr } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475669761.284:38755): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=708 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475669761.309:38756): avc: denied { getattr } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475669761.309:38756): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475669761.311:38757): avc: denied { getattr } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475669761.311:38757): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=720 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475669761.312:38758): avc: denied { 
read } for pid=1225 comm=7370616D64206368696C64 name="user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475669761.312:38758): arch=c000003e syscall=2 success=no exit=-13 a0=d7d33b0 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475669808.559:38759): avc: denied { append } for pid=1225 comm=7370616D64206368696C64 name="razor-agent.log" dev="dm-7" ino=15525 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475669808.559:38759): arch=c000003e syscall=2 success=no exit=-13 a0=e62cef0 a1=441 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475669808.567:38760): avc: denied { open } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor" dev="dm-7" ino=24958 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir type=SYSCALL msg=audit(1475669808.567:38760): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=e4cade0 a2=90800 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475669808.694:38761): avc: denied { getattr } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/servers.discovery.lst.lock" dev="dm-7" ino=15526 scontext=system_u:system_r:spamd_t:s0 
tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475669808.694:38761): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=1018 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475669808.694:38762): avc: denied { write } for pid=1225 comm=7370616D64206368696C64 name="servers.discovery.lst.lock" dev="dm-7" ino=15526 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475669808.694:38762): arch=c000003e syscall=2 success=no exit=-13 a0=e4ba8d0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475669808.695:38763): avc: denied { getattr } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/servers.catalogue.lst.lock" dev="dm-7" ino=15527 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475669808.695:38763): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=1018 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475669808.695:38764): avc: denied { write } for pid=1225 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" dev="dm-7" ino=15527 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475669808.695:38764): arch=c000003e syscall=2 success=no 
exit=-13 a0=dd61040 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475669808.695:38765): avc: denied { getattr } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/servers.nomination.lst.lock" dev="dm-7" ino=15528 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475669808.695:38765): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=1018 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475669808.695:38766): avc: denied { write } for pid=1225 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" dev="dm-7" ino=15528 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475669808.695:38766): arch=c000003e syscall=2 success=no exit=-13 a0=e4ba8d0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475669808.819:38767): avc: denied { write } for pid=1225 comm=7370616D64206368696C64 name="server.c302.cloudmark.com.conf" dev="dm-7" ino=15529 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475669808.819:38767): arch=c000003e syscall=2 success=no exit=-13 a0=dd0e2a0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 
fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475669808.999:38768): avc: denied { getattr } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/servers.catalogue.lst.lock" dev="dm-7" ino=15527 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475669808.999:38768): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=1130 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475669808.999:38769): avc: denied { write } for pid=1225 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" dev="dm-7" ino=15527 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475669808.999:38769): arch=c000003e syscall=2 success=no exit=-13 a0=dd6dc90 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475669808.999:38770): avc: denied { getattr } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/servers.nomination.lst.lock" dev="dm-7" ino=15528 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475669808.999:38770): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=1130 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" 
subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475669808.999:38771): avc: denied { write } for pid=1225 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" dev="dm-7" ino=15528 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475669808.999:38771): arch=c000003e syscall=2 success=no exit=-13 a0=b2c9c00 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475669809.670:38772): avc: denied { write } for pid=1225 comm=7370616D64206368696C64 name="auto-whitelist.lock.server.interlinx.bc.ca.1225" dev="dm-7" ino=15530 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475669809.670:38772): arch=c000003e syscall=2 success=no exit=-13 a0=e43c1a0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475669810.647:38773): avc: denied { write } for pid=1225 comm=7370616D64206368696C64 name="bayes.lock.server.interlinx.bc.ca.1225" dev="dm-7" ino=15548 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475669810.647:38773): arch=c000003e syscall=2 success=no exit=-13 a0=dd82410 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475683990.276:39548): avc: denied { getattr } for pid=1225 comm=7370616D64206368696C64 
path="/var/lib/logcheck/.spamassassin/user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475683990.276:39548): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=708 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475683990.282:39549): avc: denied { getattr } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475683990.282:39549): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475683990.284:39550): avc: denied { getattr } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475683990.284:39550): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=720 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475683990.286:39551): avc: denied { read } for pid=1225 comm=7370616D64206368696C64 name="user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 
tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475683990.286:39551): arch=c000003e syscall=2 success=no exit=-13 a0=d571520 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475684044.370:39552): avc: denied { append } for pid=1225 comm=7370616D64206368696C64 name="razor-agent.log" dev="dm-7" ino=15525 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475684044.370:39552): arch=c000003e syscall=2 success=no exit=-13 a0=ef89220 a1=441 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475684044.380:39553): avc: denied { open } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor" dev="dm-7" ino=24958 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir type=SYSCALL msg=audit(1475684044.380:39553): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=f51afc0 a2=90800 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475684044.540:39554): avc: denied { getattr } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/servers.discovery.lst.lock" dev="dm-7" ino=15526 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475684044.540:39554): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 
a1=f32138 a2=f32138 a3=1018 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475684044.540:39555): avc: denied { write } for pid=1225 comm=7370616D64206368696C64 name="servers.discovery.lst.lock" dev="dm-7" ino=15526 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475684044.540:39555): arch=c000003e syscall=2 success=no exit=-13 a0=f551fd0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475684044.540:39556): avc: denied { getattr } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/servers.catalogue.lst.lock" dev="dm-7" ino=15527 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475684044.540:39556): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=1018 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475684044.540:39557): avc: denied { write } for pid=1225 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" dev="dm-7" ino=15527 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475684044.540:39557): arch=c000003e syscall=2 success=no exit=-13 a0=ef1db40 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) 
ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475684044.541:39558): avc: denied { getattr } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/servers.nomination.lst.lock" dev="dm-7" ino=15528 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475684044.541:39558): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=1018 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475684044.541:39559): avc: denied { write } for pid=1225 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" dev="dm-7" ino=15528 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475684044.541:39559): arch=c000003e syscall=2 success=no exit=-13 a0=f551fd0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475684044.715:39560): avc: denied { write } for pid=1225 comm=7370616D64206368696C64 name="server.c303.cloudmark.com.conf" dev="dm-7" ino=16683 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475684044.715:39560): arch=c000003e syscall=2 success=no exit=-13 a0=efa7d60 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC 
msg=audit(1475684044.823:39561): avc: denied { getattr } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/servers.catalogue.lst.lock" dev="dm-7" ino=15527 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475684044.823:39561): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=1130 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475684044.823:39562): avc: denied { write } for pid=1225 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" dev="dm-7" ino=15527 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475684044.823:39562): arch=c000003e syscall=2 success=no exit=-13 a0=f22dc20 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475684044.823:39563): avc: denied { getattr } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/servers.nomination.lst.lock" dev="dm-7" ino=15528 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475684044.823:39563): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=1130 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475684044.823:39564): avc: denied { write } for pid=1225 comm=7370616D64206368696C64 
name="servers.nomination.lst.lock" dev="dm-7" ino=15528 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475684044.823:39564): arch=c000003e syscall=2 success=no exit=-13 a0=f56f710 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475684045.668:39565): avc: denied { write } for pid=1225 comm=7370616D64206368696C64 name="auto-whitelist.lock.server.interlinx.bc.ca.1225" dev="dm-7" ino=15530 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475684045.668:39565): arch=c000003e syscall=2 success=no exit=-13 a0=f603110 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475684046.775:39566): avc: denied { write } for pid=1225 comm=7370616D64206368696C64 name="bayes.lock.server.interlinx.bc.ca.1225" dev="dm-7" ino=15548 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475684046.775:39566): arch=c000003e syscall=2 success=no exit=-13 a0=dae15e0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)

More AVCs once the above were allowed:

type=AVC msg=audit(1475712423.521:40956): avc: denied { open } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 
tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475712423.521:40956): arch=c000003e syscall=2 success=no exit=-13 a0=11068fe0 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475712438.178:40957): avc: denied { open } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/razor-agent.log" dev="dm-7" ino=15525 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475712438.178:40957): arch=c000003e syscall=2 success=no exit=-13 a0=1170c010 a1=441 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475712438.191:40958): avc: denied { open } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c301.cloudmark.com.conf" dev="dm-7" ino=17015 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475712438.191:40958): arch=c000003e syscall=2 success=no exit=-13 a0=4a0eb70 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475712438.202:40959): avc: denied { open } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c301.cloudmark.com.conf" dev="dm-7" ino=17015 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475712438.202:40959): arch=c000003e 
syscall=2 success=no exit=-13 a0=4a0eb70 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475712438.202:40960): avc: denied { open } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c303.cloudmark.com.conf" dev="dm-7" ino=16683 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475712438.202:40960): arch=c000003e syscall=2 success=no exit=-13 a0=4a0eb70 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475712438.217:40961): avc: denied { open } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c303.cloudmark.com.conf" dev="dm-7" ino=16683 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475712438.217:40961): arch=c000003e syscall=2 success=no exit=-13 a0=4a0eb70 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) type=AVC msg=audit(1475712438.217:40962): avc: denied { open } for pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c302.cloudmark.com.conf" dev="dm-7" ino=15529 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file type=SYSCALL msg=audit(1475712438.217:40962): arch=c000003e syscall=2 success=no exit=-13 a0=4a0eb70 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 
Created attachment 1208152 [details]
spamassassin avcs
And once again, since adding local policy for the above, the new ones are in the attachment.
I guess the question at this point is, has any selinux policy been developed for spamassassin or are these really all local to my installation? I don't think it's terribly unique here.
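An added example, not part of the original report and not Red Hat tooling: a small Python parser for audit records in the layout quoted in this report. It splits records that have been run together on one line, decodes the hex-encoded `comm` field, joins each AVC record to the SYSCALL record carrying the same event serial, and groups the denials by source type, target type and class. The sample input is constructed from records shown in this report, and all function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: records abridged from the ones quoted in this report,
# run together on one line the way the page shows them.
SAMPLE = (
    'type=AVC msg=audit(1475712438.218:40963): avc: denied { open } for pid=1225 '
    'comm=7370616D64206368696C64 '
    'path="/var/lib/logcheck/.razor/server.c302.cloudmark.com.conf" dev="dm-7" ino=15529 '
    'scontext=system_u:system_r:spamd_t:s0 '
    'tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file '
    'type=SYSCALL msg=audit(1475712438.218:40963): arch=c000003e syscall=2 success=no '
    'exit=-13 ppid=28370 pid=1225 uid=0 euid=993 comm=7370616D64206368696C64 '
    'exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null) '
    'type=AVC msg=audit(1475511320.863:30671): avc: denied { create } for pid=1140 '
    'comm=7370616D64206368696C64 name="user_prefs" '
    'scontext=system_u:system_r:spamd_t:s0 '
    'tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file '
    'type=AVC msg=audit(1475511331.799:30672): avc: denied { read } for pid=1140 '
    'comm=7370616D64206368696C64 name=".razor" dev="dm-7" ino=24958 '
    'scontext=system_u:system_r:spamd_t:s0 '
    'tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir'
)

RECORD_START = re.compile(r'(?=type=[A-Z_]+\s+msg=audit\()')
HEADER = re.compile(r'type=(\w+)\s+msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)', re.S)
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
AVC = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)', re.S)
# Fields the audit subsystem writes quoted when plain and as bare hex otherwise.
STRING_FIELDS = {"comm", "exe", "path", "name"}


def decode_string(raw):
    """Quoted values are literal; unquoted even-length hex is an encoded string."""
    if raw.startswith('"'):
        return raw.strip('"')
    if len(raw) % 2 == 0 and re.fullmatch(r'[0-9A-Fa-f]+', raw):
        return bytes.fromhex(raw).decode("utf-8", errors="replace")
    return raw


def split_records(text):
    """Split text on record boundaries, even when records share one line."""
    records = []
    for chunk in RECORD_START.split(text):
        m = HEADER.match(chunk.strip())
        if m:
            rtype, _timestamp, serial, body = m.groups()
            records.append({"type": rtype, "event": serial, "body": body})
    return records


def fields(body):
    return {k: decode_string(v) if k in STRING_FIELDS else v.strip('"')
            for k, v in FIELD.findall(body)}


def denials(text):
    """One dict per AVC denial, enriched from the SYSCALL record of the same event."""
    records = split_records(text)
    syscalls = {r["event"]: fields(r["body"]) for r in records if r["type"] == "SYSCALL"}
    found = []
    for r in records:
        m = AVC.search(r["body"]) if r["type"] == "AVC" else None
        if not m:
            continue
        f = fields(m.group(2))
        if not {"scontext", "tcontext", "tclass"} <= f.keys():
            continue  # incomplete record, nothing to classify
        sc = syscalls.get(r["event"], {})
        found.append({
            "event": r["event"],
            "perms": m.group(1).split(),
            "source": f["scontext"].split(":")[2],   # SELinux type of the process
            "target": f["tcontext"].split(":")[2],   # SELinux type of the object
            "tclass": f["tclass"],
            "comm": f.get("comm"),
            "object": f.get("path") or f.get("name"),
            "exe": sc.get("exe"),
            "euid": sc.get("euid"),
        })
    return found


def summarize(text):
    """(source, target, class) -> denied permissions and the objects involved."""
    groups = defaultdict(lambda: {"perms": set(), "objects": set()})
    for d in denials(text):
        g = groups[(d["source"], d["target"], d["tclass"])]
        g["perms"].update(d["perms"])
        if d["object"]:
            g["objects"].add(d["object"])
    return dict(groups)


def report(text):
    lines = []
    for (src, tgt, cls), g in sorted(summarize(text).items()):
        perms = " ".join(sorted(g["perms"]))
        lines.append(f"{src} -> {tgt}:{cls} {{ {perms} }}")
        lines.extend(f"    {obj}" for obj in sorted(g["objects"]))
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

The grouped view makes the pattern in these denials easy to see: one confined domain (`spamd_t`) touching one foreign label (`logwatch_cache_t`), which points at where the process is running rather than at a gap in the policy.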
OK. I think I know what is going on here. Mail is coming into this machine addressed to logcheck@ and spamassassin is checking that mail for spam by setuid'ing to the "recipient"'s id, which is logcheck and so has a $HOME of /var/lib/logcheck. logcheck here is aliased to a real user and so really, spamassassin should not be checking mail until it is being delivered to its final address, after alias processing happens. Looking into fixing the mail configuration to do so.

no SELinux messages, and no spam assassin here but still getting the denials -- possibly a perlish mktemp is failing as well ?
[root@router selinux]# grep denied /var/log/audit/audit.log
[root@router selinux]# cat /etc/redhat-release ; date
CentOS Linux release 7.3.1611 (Core)
Wed Aug 30 14:14:39 EDT 2017
[root@router selinux]# rpm -qa | grep spam
[root@router selinux]#
ran:
sudo -u logcheck strace logcheck -o -t > stdout.txt 2> stderr.txt
[root@router logcheck]# wc -l *txt
10228 stderr.txt
1 stdout.txt
[root@router logcheck]# grep denied /var/log/audit/audit.log
[root@router logcheck]#
seen: a strange ioctl message:
rt_sigaction(SIGCHLD, {0x441200, [], SA_RESTORER|SA_RESTART, 0x7f41505bc250}, {SIG_DFL, [], SA_RESTORER|SA_RESTART, 0x7f41505bc250}, 8) = 0
getrlimit(RLIMIT_NPROC, {rlim_cur=4*1024, rlim_max=30649}) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
open("/sbin/logcheck", O_RDONLY) = 3
ioctl(3, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, 0x7ffd0f6aec10) = -1 ENOTTY (Inappropriate ioctl for device)
lseek(3, 0, SEEK_CUR) = 0
read(3, "#!/bin/bash\n#\n# Copyright (C) 20"..., 80) = 80
lseek(3, 0, SEEK_SET) = 0
so turn on bash logging
[root@router sbin]# diff -u logcheck RPH-logcheck
--- logcheck 2015-01-05 11:11:22.000000000 -0500 +++ RPH-logcheck 2017-08-30 14:31:09.271188109 -0400 
@@ -1,4 +1,5 @@ -#!/bin/bash +#!/bin/bash -x +# RPH adds a bash logging increase # # Copyright (C) 2004-2012 Debian Logcheck Team # <logcheck-devel.debian.org>
[root@router sbin]#
and another copy in /usr/sbin
[root@router sbin]# diff -u logcheck RPH-logcheck
--- logcheck 2015-01-05 11:11:22.000000000 -0500 +++ RPH-logcheck 2017-08-30 14:34:09.210690031 -0400 
@@ -1,4 +1,5 @@ -#!/bin/bash +#!/bin/bash -x +# RPH and the same in /usr/sbin # # Copyright (C) 2004-2012 Debian Logcheck Team # <logcheck-devel.debian.org>
[root@router sbin]# pwd
/usr/sbin
[root@router sbin]#
run it:
[root@router logcheck]# sudo -u logcheck strace /usr/sbin/RPH-logcheck -o -t > RPH-stdout.txt 2> RPH-stderr.txt
[root@router logcheck]# ls -al
total 1356
drwxr-xr-x. 2 root root 82 Aug 30 14:35 .
dr-xr-x---. 14 root root 4096 Aug 30 14:20 ..
-rw-r--r--. 1 root root 745587 Aug 30 14:35 RPH-stderr.txt
-rw-r--r--. 1 root root 45 Aug 30 14:35 RPH-stdout.txt
-rw-r--r--. 1 root root 623978 Aug 30 14:21 stderr.txt
-rw-r--r--. 1 root root 45 Aug 30 14:21 stdout.txt
[root@router logcheck]# wc -l R*txt
12893 RPH-stderr.txt
1 RPH-stdout.txt
look for E NO ...
[root@router logcheck]# reset
[root@router logcheck]# grep EN RPH-stderr.txt
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 2268928, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f36ca99f000
mmap(0x7f36cabc4000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x25000) = 0x7f36cabc4000
mmap(NULL, 2109744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f36ca79b000
mmap(0x7f36ca99d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f36ca99d000
mmap(NULL, 3932672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f36ca3da000
mmap(0x7f36ca790000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b6000) = 0x7f36ca790000
ioctl(3, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, 0x7ffc0d65b030) = -1 ENOTTY (Inappropriate ioctl for device)
write(2, "+ SENDMAILTO=root\n", 18+ SENDMAILTO=root
write(2, "+ EVENTSSUBJECT='System Events'\n", 32+ EVENTSSUBJECT='System Events'
write(2, "++ SENDMAILTO=logcheck\n", 23++ SENDMAILTO=logcheck
stat("/sbin/lockfile-create", 0x7ffc0d65acf0) = -1 ENOENT (No such file or directory)
stat("/tmp/logcheck.b8maUs/cracking", 0x7ffc0d65a610) = -1 ENOENT (No such file or directory)
stat("/sbin/mkdir", 0x7ffc0d65a4d0) = -1 ENOENT (No such file or directory)
stat("/tmp/logcheck.b8maUs/violations", 0x7ffc0d65a610) = -1 ENOENT (No such file or directory)
stat("/tmp/logcheck.b8maUs/violations-ignore", 0x7ffc0d65a610) = -1 ENOENT (No such file or directory)
stat("/tmp/logcheck.b8maUs/ignore", 0x7ffc0d65a500) = -1 ENOENT (No such file or directory)
stat("/sbin/lockfile-remove", 0x7ffc0d6596d0) = -1 ENOENT (No such file or directory)
stat("/var/lock/logcheck/logcheck.lock", 0x7ffc0d65a710) = -1 ENOENT (No such file or directory)
stat("/sbin/rm", 0x7ffc0d65a5c0) = -1 ENOENT (No such file or directory)
[root@router logcheck]#
This looks sketchy
ioctl(3, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, 0x7ffc0d65b030) = -1 ENOTTY (Inappropriate ioctl for device)
as I recall there are 'per user' /tmp/ 's 'recently' ... might this be in play with some mktemp tempdir change needed?
[root@router ~]# cd logcheck/
[root@router logcheck]# grep mkdir *txt
RPH-stderr.txt:write(2, "+ mkdir /tmp/logcheck.b8maUs/cra"..., 38+ mkdir /tmp/logcheck.b8maUs/cracking
RPH-stderr.txt:stat("/sbin/mkdir", 0x7ffc0d65a4d0) = -1 ENOENT (No such file or directory)
RPH-stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
RPH-stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
RPH-stderr.txt:access("/bin/mkdir", X_OK) = 0
RPH-stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
RPH-stderr.txt:access("/bin/mkdir", R_OK) = 0
RPH-stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
RPH-stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
RPH-stderr.txt:access("/bin/mkdir", X_OK) = 0
RPH-stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
RPH-stderr.txt:access("/bin/mkdir", R_OK) = 0
RPH-stderr.txt:write(2, "+ mkdir /tmp/logcheck.b8maUs/vio"..., 40+ mkdir /tmp/logcheck.b8maUs/violations
RPH-stderr.txt:write(2, "+ mkdir /tmp/logcheck.b8maUs/vio"..., 47+ mkdir /tmp/logcheck.b8maUs/violations-ignore
RPH-stderr.txt:write(2, "+ mkdir /tmp/logcheck.b8maUs/ign"..., 36+ mkdir /tmp/logcheck.b8maUs/ignore
RPH-stderr.txt:write(2, "+ mkdir /tmp/logcheck.b8maUs/log"..., 39+ mkdir /tmp/logcheck.b8maUs/logoutput
stderr.txt:stat("/sbin/mkdir", 0x7ffd0f6ae0b0) = -1 ENOENT (No such file or directory)
stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
stderr.txt:access("/bin/mkdir", X_OK) = 0
stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
stderr.txt:access("/bin/mkdir", R_OK) = 0
stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
stderr.txt:access("/bin/mkdir", X_OK) = 0
stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
stderr.txt:access("/bin/mkdir", R_OK) = 0
[root@router logcheck]# grep b8maUs *txt
RPH-stderr.txt:"/tmp/logcheck.b8maUs\n", 128) = 21
RPH-stderr.txt:write(2, "+ TMPDIR=/tmp/logcheck.b8maUs\n", 30+ TMPDIR=/tmp/logcheck.b8maUs
RPH-stderr.txt:write(2, "+ cleanrules /etc/logcheck/crack"..., 68+ cleanrules /etc/logcheck/cracking.d /tmp/logcheck.b8maUs/cracking
RPH-stderr.txt:write(2, "+ cleaned=/tmp/logcheck.b8maUs/c"..., 40+ cleaned=/tmp/logcheck.b8maUs/cracking
RPH-stderr.txt:write(2, "+ '[' '!' -d /tmp/logcheck.b8maU"..., 47+ '[' '!' -d /tmp/logcheck.b8maUs/cracking ']'
RPH-stderr.txt:stat("/tmp/logcheck.b8maUs/cracking", 0x7ffc0d65a610) = -1 ENOENT (No such file or directory)
RPH-stderr.txt:write(2, "+ mkdir /tmp/logcheck.b8maUs/cra"..., 38+ mkdir /tmp/logcheck.b8maUs/cracking
RPH-stderr.txt:write(2, "+ cleanrules /etc/logcheck/viola"..., 72+ cleanrules /etc/logcheck/violations.d /tmp/logcheck.b8maUs/violations
RPH-stderr.txt:write(2, "+ cleaned=/tmp/logcheck.b8maUs/v"..., 42+ cleaned=/tmp/logcheck.b8maUs/violations
RPH-stderr.txt:write(2, "+ '[' '!' -d /tmp/logcheck.b8maU"..., 49+ '[' '!' -d /tmp/logcheck.b8maUs/violations ']'
RPH-stderr.txt:stat("/tmp/logcheck.b8maUs/violations", 0x7ffc0d65a610) = -1 ENOENT (No such file or directory)
RPH-stderr.txt:write(2, "+ mkdir /tmp/logcheck.b8maUs/vio"..., 40+ mkdir /tmp/logcheck.b8maUs/violations
RPH-stderr.txt:write(2, "+ cleanrules /etc/logcheck/viola"..., 86+ cleanrules /etc/logcheck/violations.ignore.d /tmp/logcheck.b8maUs/violations-ignore
RPH-stderr.txt:write(2, "+ cleaned=/tmp/logcheck.b8maUs/v"..., 49+ cleaned=/tmp/logcheck.b8maUs/violations-ignore
RPH-stderr.txt:write(2, "+ '[' '!' -d /tmp/logcheck.b8maU"..., 56+ '[' '!' -d /tmp/logcheck.b8maUs/violations-ignore ']'
RPH-stderr.txt:stat("/tmp/logcheck.b8maUs/violations-ignore", 0x7ffc0d65a610) = -1 ENOENT (No such file or directory)
RPH-stderr.txt:write(2, "+ mkdir /tmp/logcheck.b8maUs/vio"..., 47+ mkdir /tmp/logcheck.b8maUs/violations-ignore
RPH-stderr.txt:write(2, "+ cleanrules /etc/logcheck/ignor"..., 71+ cleanrules /etc/logcheck/ignore.d.server /tmp/logcheck.b8maUs/ignore
RPH-stderr.txt:write(2, "+ cleaned=/tmp/logcheck.b8maUs/i"..., 38+ cleaned=/tmp/logcheck.b8maUs/ignore
RPH-stderr.txt:write(2, "+ '[' '!' -d /tmp/logcheck.b8maU"..., 45+ '[' '!' -d /tmp/logcheck.b8maUs/ignore ']'
RPH-stderr.txt:stat("/tmp/logcheck.b8maUs/ignore", 0x7ffc0d65a500) = -1 ENOENT (No such file or directory)
RPH-stderr.txt:write(2, "+ mkdir /tmp/logcheck.b8maUs/ign"..., 36+ mkdir /tmp/logcheck.b8maUs/ignore
RPH-stderr.txt:write(2, "+ cleanrules /etc/logcheck/ignor"..., 73+ cleanrules /etc/logcheck/ignore.d.paranoid /tmp/logcheck.b8maUs/ignore
RPH-stderr.txt:write(2, "+ cleaned=/tmp/logcheck.b8maUs/i"..., 38+ cleaned=/tmp/logcheck.b8maUs/ignore
RPH-stderr.txt:write(2, "+ '[' '!' -d /tmp/logcheck.b8maU"..., 45+ '[' '!' -d /tmp/logcheck.b8maUs/ignore ']'
RPH-stderr.txt:stat("/tmp/logcheck.b8maUs/ignore", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
RPH-stderr.txt:write(2, "+ mkdir /tmp/logcheck.b8maUs/log"..., 39+ mkdir /tmp/logcheck.b8maUs/logoutput
RPH-stderr.txt:write(2, "+ '[' -d /tmp/logcheck.b8maUs ']"..., 34+ '[' -d /tmp/logcheck.b8maUs ']'
RPH-stderr.txt:stat("/tmp/logcheck.b8maUs", {st_mode=S_IFDIR|0700, st_size=91, ...}) = 0
RPH-stderr.txt:write(2, "+ debug 'cleanup: Removing - /tm"..., 51+ debug 'cleanup: Removing - /tmp/logcheck.b8maUs'
RPH-stderr.txt:write(2, "+ rm -r /tmp/logcheck.b8maUs\n", 29+ rm -r /tmp/logcheck.b8maUs
[root@router logcheck]#
I'll dial out the rmdir and we can look
actually there is a debugging hook I can add in the config file
if [ -d "$TMPDIR" ]; then
    # Remove the tmp directory
    if [ "$NOCLEANUP" -eq 0 ];then
        cd $STATEDIR
        debug "cleanup: Removing - $TMPDIR"
        rm -r "$TMPDIR"
    else
        debug "cleanup: Not removing - $TMPDIR"
    fi
fi
[root@router logcheck]# mv RPH-stdout.txt 1-RPH-stdout.txt
[root@router logcheck]# mv RPH-stderr.txt 1-RPH-stderr.txt
[root@router logcheck]# sudo -u logcheck strace /usr/sbin/RPH-logcheck -o -t > RPH-stdout.txt 2> RPH-stderr.txt^C
[root@router logcheck]# diff -u /etc/logcheck/logcheck.conf-ORIG /etc/logcheck/logcheck.conf
--- /etc/logcheck/logcheck.conf-ORIG 2017-08-30 14:45:22.644180258 -0400 +++ /etc/logcheck/logcheck.conf 2017-08-30 14:45:45.447871495 -0400 
@@ -83,3 +83,8 @@ # location, such as /var/tmp TMP="/tmp" + + +## +## RPH +NOCLEANUP=1
[root@router logcheck]# sudo -u logcheck strace /usr/sbin/RPH-logcheck -o -t > RPH-stdout.txt 2> RPH-stderr.txt
and that left a logfile directory behind
[root@router logcheck]# ls /tmp
firefox_herrold hsperfdata_root logcheck.2iXr1S
and the sub-directories have content
[root@router logcheck]# cd /tmp/logcheck.2iXr1S
[root@router logcheck.2iXr1S]# ls -al
total 8
drwx------. 7 logcheck logcheck 91 Aug 30 14:47 .
drwxrwxrwt. 13 root root 4096 Aug 30 14:48 ..
drwx------. 2 logcheck logcheck 81 Aug 30 14:47 cracking
drwx------. 2 logcheck logcheck 4096 Aug 30 14:47 ignore
drwx------. 2 logcheck logcheck 21 Aug 30 14:47 logoutput
drwx------. 2 logcheck logcheck 52 Aug 30 14:47 violations
drwx------. 2 logcheck logcheck 44 Aug 30 14:47 violations-ignore
[root@router logcheck.2iXr1S]# du -sh *
24K cracking
652K ignore
4.0K logoutput
16K violations
8.0K violations-ignore
[root@router logcheck.2iXr1S]#
lots of irrelevant files, but some have content
[root@router logcheck.2iXr1S]# find . -type f -a -exec wc -l {} \;
1 ./cracking/kernel
1 ./cracking/rlogind
1 ./cracking/rsh
4 ./cracking/smartd
1 ./cracking/tftpd
1 ./cracking/uucico
2 ./violations/kernel
3 ./violations/smartd
4 ./violations/su
3 ./violations/sudo
9 ./violations-ignore/logcheck-su
5 ./violations-ignore/logcheck-sudo
3 ./ignore/NetworkManager
8 ./ignore/acpid
1 ./ignore/amandad
5 ./ignore/amavisd-new
8 ./ignore/anacron
2 ./ignore/anon-proxy
1 ./ignore/apache
1 ./ignore/apcupsd
2 ./ignore/arpwatch
1 ./ignore/asterisk
16 ./ignore/automount
37 ./ignore/bind
8 ./ignore/bluez-utils
20 ./ignore/courier
2 ./ignore/cpqarrayd
5 ./ignore/cpufreqd
12 ./ignore/cron
23 ./ignore/cron-apt
9 ./ignore/cups-lpd
1 ./ignore/cvs-pserver
2 ./ignore/cvsd
6 ./ignore/cyrus
7 ./ignore/dbus
4 ./ignore/dcc
2 ./ignore/ddclient
24 ./ignore/dhclient
40 ./ignore/dhcp
1 ./ignore/dictd
2 ./ignore/dkfilter
2 ./ignore/dkim-filter
5 ./ignore/dnsmasq
26 ./ignore/dovecot
4 ./ignore/dropbear
2 ./ignore/dspam
1 ./ignore/epmd
12 ./ignore/exim4
1 ./ignore/fcron
1 ./ignore/ftpd
1 ./ignore/git-daemon
4 ./ignore/gnu-imap4d
4 ./ignore/gps
1 ./ignore/grinch
2 ./ignore/horde3
8 ./ignore/hplip
19 ./ignore/hylafax
5 ./ignore/ikiwiki
6 ./ignore/imap
4 ./ignore/imapproxy
1 ./ignore/imp
1 ./ignore/imp4
65 ./ignore/innd
17 ./ignore/ipppd
3 ./ignore/isdnlog
13 ./ignore/isdnutils
24 ./ignore/jabberd
81 ./ignore/kernel
1 ./ignore/klogind
3 ./ignore/krb5-kdc
1 ./ignore/libpam-krb5
2 ./ignore/libpam-mount
12 ./ignore/logcheck
3 ./ignore/login
10 ./ignore/maradns
74 ./ignore/mldonkey-server
3 ./ignore/mon
1 ./ignore/mountd
23 ./ignore/nagios
5 ./ignore/netconsole
2 ./ignore/nfs
3 ./ignore/nntpcache
1 ./ignore/nscd
1 ./ignore/nslcd
80 ./ignore/openvpn
1 ./ignore/otrs
2 ./ignore/passwd
53 ./ignore/pdns
4 ./ignore/perdition
2 ./ignore/policyd
4 ./ignore/popa3d
189 ./ignore/postfix
2 ./ignore/postfix-policyd
20 ./ignore/ppp
10 ./ignore/pptpd
1 ./ignore/procmail
23 ./ignore/proftpd
2 ./ignore/puppetd
11 ./ignore/pure-ftpd
7 ./ignore/pureftp
7 ./ignore/qpopper
5 ./ignore/rbldnsd
2 ./ignore/rpc_statd
3 ./ignore/rsnapshot
12 ./ignore/rsync
2 ./ignore/sa-exim
11 ./ignore/samba
8 ./ignore/saned
2 ./ignore/sasl2-bin
10 ./ignore/saslauthd
3 ./ignore/schroot
1 ./ignore/scponly
2 ./ignore/slapd
26 ./ignore/smartd
1 ./ignore/smbd_audit
3 ./ignore/smokeping
2 ./ignore/snmpd
35 ./ignore/snort
1 ./ignore/spamc
36 ./ignore/spamd
78 ./ignore/squid
51 ./ignore/ssh
8 ./ignore/stunnel
8 ./ignore/su
4 ./ignore/sudo
34 ./ignore/sympa
1 ./ignore/syslogd
4 ./ignore/systemd
5 ./ignore/teapop
3 ./ignore/telnetd
3 ./ignore/tftpd
3 ./ignore/thy
1 ./ignore/ucd-snmp
2 ./ignore/upsd
3 ./ignore/uptimed
2 ./ignore/userv
1 ./ignore/vsftpd
6 ./ignore/watchdog
1 ./ignore/wu-ftpd
7 ./ignore/xinetd
5 ./ignore/incron
1 ./ignore/sysklogd
1 ./ignore/tripwire
1 ./ignore/usb
1 ./logoutput/messages
[root@router logcheck.2iXr1S]#
but they all look like print formats rather than content
[root@router logcheck.2iXr1S]# find . -type f -a -exec wc -l {} \; | grep -v "^1 " | grep -v ignore
4 ./cracking/smartd
2 ./violations/kernel
3 ./violations/smartd
4 ./violations/su
3 ./violations/sudo
[root@router logcheck.2iXr1S]# cat ./cracking/smartd ./violations/kernel ./violations/smartd ./violations/su ./violations/sudo
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, SMART Usage Attribute: 5 Reallocated_Sector_Ct changed from [[:digit:]]+ to [[:digit:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, SMART Usage Attribute: 197 Current_Pending_Sector changed from [[:digit:]]+ to [1-9][[:digit:]]*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, SMART Usage Attribute: 198 Offline_Uncorrectable changed from [[:digit:]]+ to [1-9][[:digit:]]*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( 
\[(3ware|cciss)_disk_[[:digit:]]+\])?, SMART Usage Attribute: 199 UDMA_CRC_Error_Count changed from [[:digit:]]+ to [[:digit:]]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? [[:alnum:]]+: media error \(bad sector\): status=0x[[:xdigit:]]+ { DriveReady SeekComplete Error }$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? end_request: I/O error, dev [[:alnum:]]+, sector [[:digit:]]+ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, [[:digit:]]+ Currently unreadable \(pending\) sectors$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, [[:digit:]]+ Offline uncorrectable sectors$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, Temperature [[:digit:]]+ Celsius reached critical limit of [[:digit:]]+ Celsius \(Min/Max [[:digit:]]+!?/[[:digit:]]+!?\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \(pam_[[:alnum:]]+\) .*$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: .*$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ pts/[0-9]+ [[:alnum:]]+[-:]root$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root[-:][[:alnum:]]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo\[[0-9]+\]: \(pam_[[:alnum:]]+\) .*$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo\[[0-9]+\]: pam_[[:alnum:]]+\(sudo:[[:alnum:]]+\): .*$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: .*$ [root@router logcheck.2iXr1S]# very curious We're going to close this bug as WONTFIX because * of limited capacity of selinux-policy developers * the bug is related to EPEL component or 3rd party SW only * the bug appears in unsupported configuration We believe this bug can be fixed via a local policy module. 
For more information please see:

* https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-troubleshooting-fixing_problems#sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow

If you disagree, please re-open the bug.

(In reply to Lukas Vrabec from comment #14)
> We're going to close this bug as WONTFIX because
>
> * the bug is related to EPEL component or 3rd party SW only

spamassassin is in the base repository

> * the bug appears in unsupported configuration

What is it about my configuration that is unsupported?

> We believe this bug can be fixed via a local policy module.

Sure it can, and it has been. But that doesn't help anyone/everyone else.

https://stopdisablingselinux.com/
https://ma.ttias.be/stop-disabling-selinux-real-world-guide/

> If you disagree, please re-open the bug.

Will do.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3111
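
The local policy module mentioned in the closing comments is derived from AVC records like those quoted earlier in this report. As an added example (not part of the bug report or of Red Hat's tooling), this Python code parses three of those records, decodes the hex-encoded comm field, and groups the denials into the allow rules a local module would have to carry, so they can be reviewed before anything is loaded; the function names are made up for this example.

```python
import re
from collections import defaultdict

# AVC records copied from the denials quoted earlier in this bug report.
SAMPLE = """\
type=AVC msg=audit(1475511320.863:30671): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="user_prefs" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=AVC msg=audit(1475511331.799:30672): avc: denied { read } for pid=1140 comm=7370616D64206368696C64 name=".razor" dev="dm-7" ino=24958 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir
type=AVC msg=audit(1475511331.909:30673): avc: denied { create } for pid=1140 comm=7370616D64206368696C64 name="servers.discovery.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
"""
AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_untrusted(value):
    """Plain strings are logged quoted; ones with spaces or control bytes as bare hex."""
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode("utf-8")
    except ValueError:  # not hex, or not valid UTF-8: keep the raw token
        return value

def parse_avc(line):
    """Return the fields of one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(FIELD_RE.findall(m.group(2)))
    if not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None
    for key in rec.keys() & {"comm", "name"}:
        rec[key] = decode_untrusted(rec[key])
    rec["perms"] = m.group(1).split()
    # A context is user:role:type:level; policy rules are written against the type.
    rec["stype"], rec["ttype"] = (rec[k].split(":")[2] for k in ("scontext", "tcontext"))
    return rec

def summarize(text):
    """Group denials by (source type, target type, object class)."""
    groups = defaultdict(lambda: {"perms": set(), "names": set(), "comms": set()})
    for rec in filter(None, map(parse_avc, text.splitlines())):
        g = groups[(rec["stype"], rec["ttype"], rec["tclass"])]
        g["perms"].update(rec["perms"])
        g["names"].add(rec.get("name", "?"))
        g["comms"].add(rec.get("comm", "?"))
    return dict(groups)

def candidate_rules(text):
    """Render each group as the allow rule a local module would contain, for review."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(g['perms']))} }};"
            for (s, t, c), g in sorted(summarize(text).items())]
```

All three sample denials share the target type logwatch_cache_t, so the first review question is whether that label on the files spamd is writing is intended before the access is allowed.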