On Wed, 2006-06-21 at 18:33 +0100, Paul Howarth wrote:
Marc Schwartz (via MN) wrote:
Can you try restarting postfix? I think the manpage thing happened at that point.
Interesting. Recalling that, I had re-booted before my reply above and had no msgs. However doing a service restart post-boot using system-config-services, I get:
type=AVC msg=audit(1150906621.693:641): avc: denied { read } for pid=12784 comm="postfix" name=".fonts.cache-2" dev=hdc7 ino=427877 scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1150906621.693:641): arch=40000003 syscall=11 success=yes exit=0 a0=9e14f80 a1=9dfb478 a2=9e14f98 a3=9e14e68 items=2 pid=12784 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="postfix" exe="/usr/sbin/postfix"
type=AVC_PATH msg=audit(1150906621.693:641): path="/root/.rh-fontconfig/.fonts.cache-2"
type=CWD msg=audit(1150906621.693:641): cwd="/"
type=PATH msg=audit(1150906621.693:641): item=0 name="/usr/sbin/postfix" flags=101 inode=3132499 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1150906621.693:641): item=1 flags=101 inode=754491 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1150906621.829:642): avc: denied { read } for pid=12796 comm="postfix" name=".fonts.cache-2" dev=hdc7 ino=427877 scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1150906621.829:642): arch=40000003 syscall=11 success=yes exit=0 a0=9e15318 a1=9e00e50 a2=9e14f98 a3=9e14d00 items=2 pid=12796 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="postfix" exe="/usr/sbin/postfix"
type=AVC_PATH msg=audit(1150906621.829:642): path="/root/.rh-fontconfig/.fonts.cache-2"
type=CWD msg=audit(1150906621.829:642): cwd="/"
type=PATH msg=audit(1150906621.829:642): item=0 name="/usr/sbin/postfix" flags=101 inode=3132499 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1150906621.829:642): item=1 flags=101 inode=754491 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00
Which seems to not involve the man pages, but font caches for some reason.
That's just completely weird. I wonder if it's a filehandle left open from somewhere. I wonder how to diagnose this further? Since the types aren't consistent, they can't even be dontaudit-ed. I trust nothing has broken anyway?
I don't see any evidence of other problems at this point. The above seems to be specifically related to the use of system-config-services, so perhaps there is some gtk interaction going on. At the CLI, there do not appear to be problems.
I have no clue otherwise.
Once that's done I'd like to try out the dcc and razor modules that are now in rawhide. That will involve going back to permissive mode for a while though.
OK, I've attached the dcc and razor policy files from the current FC5 selinux-policy package. Try installing those, put selinux in permissive mode, do a restorecon on all of your dcc and razor files/directories and see what happens.
Paul.
Just to be clear, I should leave or remove the mydcc policy?
Marc
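
An added example, not part of the thread or of any tool mentioned in it: one way to follow up on the open-filehandle guess is to group the audit records by event ID and list the AVC denials that were logged during a successful execve, since those concern files the new process was handed rather than files it opened by name. The sample lines are the records quoted above, trimmed to the fields the script reads; the function names are made up for this example, and it assumes i386 records only (arch=40000003, where syscall 11 is execve).

```python
import re
from collections import defaultdict

# Records from the quoted service restart, trimmed to the fields used below.
SAMPLE = """\
type=AVC msg=audit(1150906621.693:641): avc: denied { read } for pid=12784 comm="postfix" name=".fonts.cache-2" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1150906621.693:641): arch=40000003 syscall=11 success=yes exit=0 pid=12784 comm="postfix" exe="/usr/sbin/postfix"
type=AVC_PATH msg=audit(1150906621.693:641): path="/root/.rh-fontconfig/.fonts.cache-2"
type=AVC msg=audit(1150906621.829:642): avc: denied { read } for pid=12796 comm="postfix" name=".fonts.cache-2" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1150906621.829:642): arch=40000003 syscall=11 success=yes exit=0 pid=12796 comm="postfix" exe="/usr/sbin/postfix"
type=AVC_PATH msg=audit(1150906621.829:642): path="/root/.rh-fontconfig/.fonts.cache-2"
"""

RECORD_RE = re.compile(r'^type=(\S+) msg=audit\(\d+\.\d+:(\d+)\): (.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERM_RE = re.compile(r'denied\s+\{\s*([^}]*)\}')

def parse(text):
    """Return {event serial: {record type: {field: value}}}."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue
        rtype, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(body)}
        if rtype == "AVC":
            p = PERM_RE.search(body)
            fields["perms"] = p.group(1).split() if p else []
        events[int(serial)][rtype] = fields
    return events

def exec_time_denials(events):
    """AVC denials logged in the same event as a successful i386 execve."""
    found = []
    for serial, recs in sorted(events.items()):
        avc, sc = recs.get("AVC"), recs.get("SYSCALL")
        if not avc or not sc or not avc["perms"]:
            continue
        if (sc.get("arch"), sc.get("syscall"), sc.get("success")) != ("40000003", "11", "yes"):
            continue
        found.append({"serial": serial, "exe": sc.get("exe"), "perms": avc["perms"],
                      "source": avc["scontext"].split(":")[2],
                      "target": avc["tcontext"].split(":")[2],
                      "path": recs.get("AVC_PATH", {}).get("path")})
    return found

if __name__ == "__main__":
    for d in exec_time_denials(parse(SAMPLE)):
        print(d)
```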