EFA4 opendmarc / opendkim Selinux

Post by henk »

As soon as you log in to the MailWatch GUI, the audit log shows:

Code:

grep 'avc:  denied' audit.log
type=AVC msg=audit(1551386998.773:2199): avc: denied { getattr } for pid=22689 comm="ps" path="/proc/5476" dev="proc" ino=34776 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:system_r:dkim_milter_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1551386998.775:2200): avc: denied { getattr } for pid=22689 comm="ps" path="/proc/6288" dev="proc" ino=38368 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:system_r:dkim_milter_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1551386998.804:2201): avc: denied { getattr } for pid=22693 comm="ps" path="/proc/5476" dev="proc" ino=34776 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:system_r:dkim_milter_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1551386998.805:2202): avc: denied { getattr } for pid=22693 comm="ps" path="/proc/6288" dev="proc" ino=38368 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:system_r:dkim_milter_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1551386998.821:2203): avc: denied { getattr } for pid=22698 comm="ps" path="/proc/5476" dev="proc" ino=34776 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:system_r:dkim_milter_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1551386998.822:2204): avc: denied { getattr } for pid=22698 comm="ps" path="/proc/6288" dev="proc" ino=38368 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:system_r:dkim_milter_t:s0 tclass=dir permissive=0

Code:

ps -ef |grep 6288
opendma+ 6288 1 0 20:08 ? 00:00:00 /usr/sbin/opendmarc -c /etc/opendmarc.conf -P /var/run/opendmarc/opendmarc.pid
root 22856 22218 0 21:50 pts/0 00:00:00 grep --color=auto 6288

Code:

ps -ef |grep 5476
opendkim 5476 1 0 20:07 ? 00:00:00 /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid
root 22858 22218 0 21:50 pts/0 00:00:00 grep --color=auto 5476

And running a (GUI) lint test:

type=AVC msg=audit(1551385644.145:1689): avc: denied { getattr } for pid=19401 comm="grep" path="/etc/mail/spamassassin/mailscanner.cf" dev="dm-0" ino=16952344 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:etc_mail_t:s0 tclass=lnk_file permissive=0

/var/log/secure:

sudo: php-fpm : TTY=unknown ; PWD=/var/www/html/mailscanner ; USER=root ; COMMAND=/usr/sbin/MailScanner --lint
sansspam sudo: pam_systemd(sudo:session): Failed to create session: Connection timed out
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
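
Added example, not part of henk's post and not eFa code: a small Python summarizer that groups the AVC denials quoted above by source type, target type, object class and permission, so the repeated `ps` denials collapse into one entry per policy decision to review. The sample records are copied from the post; the function names are illustrative.

```python
import re
from collections import defaultdict

# Records copied from the post: two "ps" denials, the "grep" denial, one sudo line.
SAMPLE = """\
type=AVC msg=audit(1551386998.773:2199): avc: denied { getattr } for pid=22689 comm="ps" path="/proc/5476" dev="proc" ino=34776 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:system_r:dkim_milter_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1551386998.775:2200): avc: denied { getattr } for pid=22689 comm="ps" path="/proc/6288" dev="proc" ino=38368 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:system_r:dkim_milter_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1551385644.145:1689): avc: denied { getattr } for pid=19401 comm="grep" path="/etc/mail/spamassassin/mailscanner.cf" dev="dm-0" ino=16952344 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:etc_mail_t:s0 tclass=lnk_file permissive=0
sudo: php-fpm : TTY=unknown ; PWD=/var/www/html/mailscanner ; USER=root ; COMMAND=/usr/sbin/MailScanner --lint
"""

# \s+ tolerates both "avc: denied" and the two-space form the grep above matches.
AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of user:role:type[:level]."""
    # The MLS level can contain ':' itself, so split at most three times.
    return context.split(":", 3)[2]


def parse_avc(line):
    """Parse one AVC denial into a dict, or return None for any other line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec["perms"] = tuple(m.group("perms").split())
    return rec


def summarize(text):
    """Group denials by (source type, target type, class, permissions)."""
    groups = defaultdict(lambda: {"count": 0, "comms": set(), "paths": set()})
    for rec in filter(None, map(parse_avc, text.splitlines())):
        key = (selinux_type(rec["scontext"]), selinux_type(rec["tcontext"]),
               rec["tclass"], rec["perms"])
        groups[key]["count"] += 1
        groups[key]["comms"].add(rec.get("comm", "?"))
        groups[key]["paths"].add(rec.get("path", "?"))
    return dict(groups)


if __name__ == "__main__":
    for (src, tgt, cls, perms), g in sorted(summarize(SAMPLE).items()):
        print(f"{g['count']}x {src} -> {tgt}:{cls} {{ {' '.join(perms)} }} "
              f"comm={sorted(g['comms'])} path={sorted(g['paths'])}")
```

On the post's records this gives two groups: `httpd_sys_script_t` reading `/proc` entries of processes labelled `dkim_milter_t` (both the opendkim and opendmarc PIDs), and `httpd_sys_script_t` doing `getattr` on an `etc_mail_t` symlink during the lint test.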