Bug 500397
Summary: | spamc denials | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Orion Poplawski <orion> |
Component: | nss_ldap | Assignee: | Nalin Dahyabhai <nalin> |
Status: | CLOSED ERRATA | QA Contact: | Ondrej Moriš <omoris> |
Severity: | medium | Docs Contact: | |
Priority: | low | | |
Version: | 5.3 | CC: | dpal, dwalsh, jplans, omoris |
Target Milestone: | rc | | |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | nss_ldap-253-28.el5 | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | | |
: | 637843 | Environment: | |
Last Closed: | 2011-01-13 23:32:00 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 637843 | | |
Bug Blocks: | | | |
Attachments: | | | |

Description
Orion Poplawski
2009-05-12 14:59:41 UTC
These are a leaked file descriptor caused I believe by nss_ldap.

I think there's a decent chance that this is the same bug as #512856.

Is there an updated nss_ldap for EL5 I can test with?

Created attachment 449470
test package

I've built and installed it, but still seeing these messages. Restarted sendmail, nscd, and sshd for grins but still seeing:

```
type=AVC msg=audit(1285356600.905:4285): avc: denied { write } for pid=32535 comm="spamc" path="pipe:[624117]" dev=pipefs ino=624117 scontext=root:system_r:spamc_t:s0 tcontext=root:system_r:sendmail_t:s0 tclass=fifo_file
type=AVC msg=audit(1285356600.905:4285): avc: denied { read write } for pid=32535 comm="spamc" path="socket:[624068]" dev=sockfs ino=624068 scontext=root:system_r:spamc_t:s0 tcontext=root:system_r:sendmail_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1285356600.905:4285): avc: denied { read write } for pid=32535 comm="spamc" path="socket:[624070]" dev=sockfs ino=624070 scontext=root:system_r:spamc_t:s0 tcontext=root:system_r:sendmail_t:s0 tclass=unix_stream_socket
```

It's the tcp_socket leak (the connection to the directory server) we're fixing here; I'm not sure these others are under nss_ldap's control -- they look like a problem with letting sendmail run procmail run spamc. CCing dwalsh.

Yes these are either leaks or normal fifo_file passing of stdin, stdout, stderr between multiple entities. In F14/RHEL6 policy we have these rules.

```
audit2allow -i /tmp/t

#============= spamc_t ==============
#!!!! This avc is allowed in the current policy
allow spamc_t sendmail_t:fifo_file write;
#!!!! This avc has a dontaudit rule in the current policy
allow spamc_t sendmail_t:unix_stream_socket { read write };
```

Open a bug on RHEL5 for this policy to be backported.

(In reply to comment #10)
> Open a bug on RHEL5 for this policy to be backported.

Opened bug #637843.

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0097.html
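
A small triage script for denials like the ones quoted in this thread, added here as an example and not part of the bug report, of nss_ldap, or of audit2allow. It parses AVC records, flags those whose object is an anonymous pipe or socket labelled with another domain (the leaked or inherited descriptor pattern discussed above), and merges them into audit2allow-style rule lines for review; the function names and the heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: the three AVC records quoted in the thread above.
SAMPLE = """\
type=AVC msg=audit(1285356600.905:4285): avc: denied { write } for pid=32535 comm="spamc" path="pipe:[624117]" dev=pipefs ino=624117 scontext=root:system_r:spamc_t:s0 tcontext=root:system_r:sendmail_t:s0 tclass=fifo_file
type=AVC msg=audit(1285356600.905:4285): avc: denied { read write } for pid=32535 comm="spamc" path="socket:[624068]" dev=sockfs ino=624068 scontext=root:system_r:spamc_t:s0 tcontext=root:system_r:sendmail_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1285356600.905:4285): avc: denied { read write } for pid=32535 comm="spamc" path="socket:[624070]" dev=sockfs ino=624070 scontext=root:system_r:spamc_t:s0 tcontext=root:system_r:sendmail_t:s0 tclass=unix_stream_socket
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?'
    r'comm="(?P<comm>[^"]+)".*?path="(?P<path>[^"]+)".*?'
    r'scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)')

def se_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def parse_avc(text):
    """Parse denied AVC records that carry a path= field into dicts."""
    denials = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if m:
            denials.append({
                "comm": m["comm"], "path": m["path"], "tclass": m["cls"],
                "perms": set(m["perms"].split()),
                "source": se_type(m["s"]), "target": se_type(m["t"]),
            })
    return denials

def looks_inherited(denial):
    """Heuristic (assumption): an anonymous pipe/socket labelled with a
    different domain was opened by that domain and passed or leaked across exec."""
    anonymous = denial["path"].startswith(("pipe:[", "socket:["))
    return anonymous and denial["source"] != denial["target"]

def summarize(denials):
    """Merge denials per (source, target, class) into audit2allow-style lines."""
    merged = defaultdict(set)
    for d in denials:
        merged[(d["source"], d["target"], d["tclass"])] |= d["perms"]
    lines = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        lines.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return lines

if __name__ == "__main__":
    found = parse_avc(SAMPLE)
    for d in found:
        print(d["comm"], d["path"], "inherited?", looks_inherited(d))
    print("\n".join(summarize(found)))
```

Records flagged as inherited point at the parent process (here `sendmail_t`) as the place to look for descriptors opened without close-on-exec, before deciding whether a policy rule is the right answer.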