[CentOS] Odd SELinux messages during+after 5.3 upgrade (system_mail_t and postfix_postdrop_t access rpm_var_lib_t)

D Tucny d at tucny.com
Tue Apr 14 04:54:42 UTC 2009

2009/4/14 D Tucny <d at tucny.com>

> 2009/4/14 Dan Mensom <mensomman at yahoo.com>
>> Hey guys,
>> I've been getting some strange selinux messages after the 5.3 upgrade.
>> It appears as though my mail system (postfix) is constantly trying to
>> access the rpm database? Here's the audit messages (I tend to look at
>> my selinux messages using audit2allow < /var/log/audit.log as I find
>> it easier to read quickly):
>> Does anyone know what these accesses are? And why they might be still
>> continuously triggering for the mail system, whereas all the other
>> packages have stopped causing them?
>> Also, on a related note, is it normally best practices to 'setenforce 0'
>> during a 5.x upgrade? Is it possible I've damaged something by leaving
>> selinux enabled? Other than the spamassassin issue, the machine seems
>> to be running ok..
> I've seen the same with a bit of php sending mail through a cronjob... I've
> so far been unable to reproduce it though... The php in question isn't
> supposed to touch the rpmdb even if it was maintaining open file handles when
> launching sendmail...

Narrowed it down, nothing to do with the php, it's when cron was sending a
mail, the php script was just a regular cron job... Stopped crond, tried
debugging it in foreground and saw nothing related... Started crond back up
again and the messages are no longer appearing...

I wonder if it was something to do with cron being last started during an
rpm transaction as a result of being upgraded and it receiving the rpmdb
filehandles at that point and sharing them with sendmail...
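
One way to check the file-handle theory above on a running system, as an added example that is not part of the original post: walk `/proc/<pid>/fd` and report every process that still holds an open descriptor under the rpm database directory, together with its SELinux domain. The helper name `fd_holders` is hypothetical, and `/var/lib/rpm` is assumed to be the directory labelled `rpm_var_lib_t`.

```shell
#!/bin/sh
# Added example (not from the original thread): list processes that hold open
# file descriptors under a directory, by walking /proc/<pid>/fd.
# Output, one line per descriptor: PID COMM FD TARGET CONTEXT
# fd_holders is a hypothetical helper name; /var/lib/rpm is the assumed rpmdb path.
fd_holders() {
    dir=${1:-/var/lib/rpm}
    dir=${dir%/}
    for fd in /proc/[0-9]*/fd/*; do
        # Unreadable or vanished entries are skipped (run as root to see every process).
        target=$(readlink "$fd" 2>/dev/null) || continue
        case $target in
            "$dir"/*) ;;   # also matches "<path> (deleted)" for replaced files
            *) continue ;;
        esac
        pid=${fd#/proc/}
        pid=${pid%%/*}
        # Second field of /proc/<pid>/stat is the command name in parentheses.
        read -r junk comm junk 2>/dev/null < "/proc/$pid/stat" || comm='?'
        comm=${comm#\(}
        comm=${comm%\)}
        # SELinux domain of the holder, or "-" where no context is exposed.
        ctx=$(tr -d '\000' 2>/dev/null < "/proc/$pid/attr/current") || ctx=-
        [ -n "$ctx" ] || ctx=-
        printf '%s %s %s %s %s\n' "$pid" "$comm" "${fd##*/}" "$target" "$ctx"
    done
}
```

Called with no argument as root, a line naming crond with a target under `/var/lib/rpm` would be consistent with the daemon having inherited rpmdb descriptors; no such line after a restart matches the behaviour described above.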

