[CentOS] Odd SELinux messages during+after 5.3 upgrade (system_mail_t and postfix_postdrop_t access rpm_var_lib_t)

Tue Apr 14 04:54:42 UTC 2009
D Tucny <d at tucny.com>

2009/4/14 D Tucny <d at tucny.com>

> 2009/4/14 Dan Mensom <mensomman at yahoo.com>
>
>>
>> Hey guys,
>>
>> I've been getting some strange selinux messages after the 5.3 upgrade.
>> It appears as though my mail system (postfix) is constantly trying to
>> access the rpm database? Here's the audit messages (I tend to look at
>> my selinux messages using audit2allow < /var/log/audit.log as I find
>> it easier to read quickly):
>>
>> Does anyone know what these accesses are? And why they might be still
>> continously triggering for the mail system, where as all the other
>> packages have stopped causing them?
>>
>> Also, on a related note, is it normally best practices to 'setenforce 0'
>> during a 5.x upgrade? Is it possible I've damaged something by leaving
>> selinux enabled? Other than the spamassassin issue, the machine seems
>> to be running ok..
>>
>
> I've seen the same with a bit of php sending mail through a cronjob... I've
> so far been unable to reproduce it though... The php in question isn't
> supposed to touch the rpmdb even it was maintaining open file handles when
> launching sendmail...
>

Narrowed it down, nothing to do with the php, it's when cron was sending a
mail, the php script was just a regular cron job... Stopped crond, tried
debugging it in foreground and saw nothing related... Started crond back up
again and the messages are no longer appearing...

I wonder if it was something to do with cron being last started during an
rpm transaction as a result of being upgraded and it receiving the rpmdb
filehandles at that point and sharing them with sendmail...

d
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20090414/ccd6188e/attachment-0005.html>