2009/4/14 D Tucny <d@tucny.com>

2009/4/14 Dan Mensom <mensomman@yahoo.com>

Hey guys,

I've been getting some strange selinux messages after the 5.3 upgrade.
It appears as though my mail system (postfix) is constantly trying to
access the rpm database? Here's the audit messages (I tend to look at
my selinux messages using audit2allow < /var/log/audit.log as I find
it easier to read quickly):

Does anyone know what these accesses are? And why they might be still
continously triggering for the mail system, where as all the other
packages have stopped causing them?

Also, on a related note, is it normally best practices to 'setenforce 0'
during a 5.x upgrade? Is it possible I've damaged something by leaving
selinux enabled? Other than the spamassassin issue, the machine seems
to be running ok..

I've seen the same with a bit of php sending mail through a cronjob... I've so far been unable to reproduce it though... The php in question isn't supposed to touch the rpmdb even it was maintaining open file handles when launching sendmail...

Narrowed it down, nothing to do with the php, it's when cron was sending a mail, the php script was just a regular cron job... Stopped crond, tried debugging it in foreground and saw nothing related... Started crond back up again and the messages are no longer appearing...

I wonder if it was something to do with cron being last started during an rpm transaction as a result of being upgraded and it receiving the rpmdb filehandles at that point and sharing them with sendmail...

d