2009/4/14 D Tucny d@tucny.com
2009/4/14 Dan Mensom mensomman@yahoo.com
Hey guys,
I've been getting some strange selinux messages after the 5.3 upgrade. It appears as though my mail system (postfix) is constantly trying to access the rpm database? Here's the audit messages (I tend to look at my selinux messages using audit2allow < /var/log/audit.log as I find it easier to read quickly):
Does anyone know what these accesses are? And why they might be still continously triggering for the mail system, where as all the other packages have stopped causing them?
Also, on a related note, is it normally best practices to 'setenforce 0' during a 5.x upgrade? Is it possible I've damaged something by leaving selinux enabled? Other than the spamassassin issue, the machine seems to be running ok..
I've seen the same with a bit of php sending mail through a cronjob... I've so far been unable to reproduce it though... The php in question isn't supposed to touch the rpmdb even it was maintaining open file handles when launching sendmail...
Narrowed it down, nothing to do with the php, it's when cron was sending a mail, the php script was just a regular cron job... Stopped crond, tried debugging it in foreground and saw nothing related... Started crond back up again and the messages are no longer appearing...
I wonder if it was something to do with cron being last started during an rpm transaction as a result of being upgraded and it receiving the rpmdb filehandles at that point and sharing them with sendmail...
d