On Mon, May 5, 2014 11:48, Daniel J Walsh wrote: > > On 05/05/2014 11:22 AM, James B. Byrne wrote: >> CentOS-6.5 >> OpenDKIM-2.9.0 (epel) >> Postfix-2.6.6 (updates) >> >> I am trying to get opendkim working with our mailing lists. In the course >> of that endeavour I note that these messages are appearing in our syslog: >> >> >> May 4 20:50:02 inet08 setroubleshoot: SELinux is preventing >> /usr/sbin/opendkim from using the signull access on a process. For complete >> SELinux messages. run sealert -l 442cb257-3db2-488c-a92e-bfc936e16a0c >> . . . > Attaching the output of the sealert command or the audit.log would help. > FYI # grep dkim /var/log/audit/audit.log type=AVC msg=audit(1399250949.323:82972): avc: denied { signull } for pid=32289 comm="opendkim" scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=unconfined_u:system_r:dkim_milter_t:s0 tclass=process type=SYSCALL msg=audit(1399250949.323:82972): arch=c000003e syscall=234 success=yes exit=0 a0=6932 a1=769f a2=0 a3=7f2264ff6110 items=0 ppid=26929 pid=32289 auid=0 uid=494 gid=493 euid=494 suid=494 fsuid=494 egid=493 sgid=493 fsgid=493 tty=(none) ses=5283 comm="opendkim" exe="/usr/sbin/opendkim" subj=unconfined_u:system_r:dkim_milter_t:s0 key=(null) type=AVC msg=audit(1399251319.711:82997): avc: denied { dac_override } for pid=327 comm="opendkim" capability=1 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=unconfined_u:system_r:dkim_milter_t:s0 tclass=capability type=SYSCALL msg=audit(1399251319.711:82997): arch=c000003e syscall=2 success=yes exit=3 a0=15aace7 a1=0 a2=1b6 a3=0 items=0 ppid=326 pid=327 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=11446 comm="opendkim" exe="/usr/sbin/opendkim" subj=unconfined_u:system_r:dkim_milter_t:s0 key=(null) type=AVC msg=audit(1399254500.911:83137): avc: denied { dac_override } for pid=1326 comm="opendkim" capability=1 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=unconfined_u:system_r:dkim_milter_t:s0 tclass=capability type=SYSCALL msg=audit(1399254500.911:83137): arch=c000003e syscall=2 success=yes exit=3 a0=1161ce7 a1=0 a2=1b6 a3=0 items=0 ppid=1325 pid=1326 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=11446 comm="opendkim" exe="/usr/sbin/opendkim" subj=unconfined_u:system_r:dkim_milter_t:s0 key=(null) type=AVC msg=audit(1399277028.540:84183): avc: denied { search } for pid=10770 comm="opendkim" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir type=AVC msg=audit(1399277028.540:84183): avc: denied { read } for pid=10770 comm="opendkim" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file type=AVC msg=audit(1399277028.540:84183): avc: denied { open } for pid=10770 comm="opendkim" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file type=SYSCALL msg=audit(1399277028.540:84183): arch=c000003e syscall=2 success=yes exit=20 a0=7ff020cd12b8 a1=80000 a2=2803ff a3=7fefff5fdba0 items=0 ppid=1329 pid=10770 auid=0 uid=494 gid=493 euid=494 suid=494 fsuid=494 egid=493 sgid=493 fsgid=493 tty=(none) ses=11446 comm="opendkim" exe="/usr/sbin/opendkim" subj=unconfined_u:system_r:dkim_milter_t:s0 key=(null) type=ANOM_ABEND msg=audit(1399300306.429:85270): auid=0 uid=494 gid=493 ses=11446 subj=unconfined_u:system_r:dkim_milter_t:s0 pid=1331 comm="opendkim" sig=6 type=AVC msg=audit(1399300307.258:85271): avc: denied { dac_override } for pid=32612 comm="opendkim" capability=1 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=unconfined_u:system_r:dkim_milter_t:s0 tclass=capability type=SYSCALL msg=audit(1399300307.258:85271): arch=c000003e syscall=2 success=yes exit=3 a0=24b1d37 a1=0 a2=1b6 a3=0 items=0 ppid=32611 pid=32612 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=11755 comm="opendkim" exe="/usr/sbin/opendkim" subj=unconfined_u:system_r:dkim_milter_t:s0 key=(null) type=AVC msg=audit(1399300584.801:85284): avc: denied { dac_override } for pid=488 comm="opendkim" capability=1 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=unconfined_u:system_r:dkim_milter_t:s0 tclass=capability type=SYSCALL msg=audit(1399300584.801:85284): arch=c000003e syscall=2 success=yes exit=3 a0=d28d37 a1=0 a2=1b6 a3=0 items=0 ppid=487 pid=488 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=11755 comm="opendkim" exe="/usr/sbin/opendkim" subj=unconfined_u:system_r:dkim_milter_t:s0 key=(null) type=AVC msg=audit(1399301445.943:85340): avc: denied { dac_override } for pid=972 comm="opendkim" capability=1 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=unconfined_u:system_r:dkim_milter_t:s0 tclass=capability type=SYSCALL msg=audit(1399301445.943:85340): arch=c000003e syscall=2 success=yes exit=3 a0=25acd37 a1=0 a2=1b6 a3=0 items=0 ppid=971 pid=972 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=11755 comm="opendkim" exe="/usr/sbin/opendkim" subj=unconfined_u:system_r:dkim_milter_t:s0 key=(null) type=AVC msg=audit(1399304087.588:85446): avc: denied { dac_override } for pid=3500 comm="opendkim" capability=1 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=unconfined_u:system_r:dkim_milter_t:s0 tclass=capability type=SYSCALL msg=audit(1399304087.588:85446): arch=c000003e syscall=2 success=yes exit=3 a0=908d37 a1=0 a2=1b6 a3=0 items=0 ppid=3499 pid=3500 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=11755 comm="opendkim" exe="/usr/sbin/opendkim" subj=unconfined_u:system_r:dkim_milter_t:s0 key=(null) type=AVC msg=audit(1399304622.087:85517): avc: denied { search } for pid=3899 comm="opendkim" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir type=AVC msg=audit(1399304622.087:85517): avc: denied { read } for pid=3899 comm="opendkim" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file type=AVC msg=audit(1399304622.087:85517): avc: denied { open } for pid=3899 comm="opendkim" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file type=SYSCALL msg=audit(1399304622.087:85517): arch=c000003e syscall=2 success=yes exit=18 a0=7f8c877a92b8 a1=80000 a2=2803ff a3=7f8c6a1fbba0 items=0 ppid=3501 pid=3899 auid=0 uid=494 gid=493 euid=494 suid=494 fsuid=494 egid=493 sgid=493 fsgid=493 tty=(none) ses=11755 comm="opendkim" exe="/usr/sbin/opendkim" subj=unconfined_u:system_r:dkim_milter_t:s0 key=(null) type=AVC msg=audit(1399305489.246:85560): avc: denied { dac_override } for pid=4711 comm="opendkim" capability=1 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=unconfined_u:system_r:dkim_milter_t:s0 tclass=capability type=SYSCALL msg=audit(1399305489.246:85560): arch=c000003e syscall=2 success=yes exit=3 a0=21c8db7 a1=0 a2=1b6 a3=0 items=0 ppid=4710 pid=4711 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=11755 comm="opendkim" exe="/usr/sbin/opendkim" subj=unconfined_u:system_r:dkim_milter_t:s0 key=(null) type=ANOM_ABEND msg=audit(1399305489.250:85561): auid=0 uid=0 gid=0 ses=11755 subj=unconfined_u:system_r:dkim_milter_t:s0 pid=4711 comm="opendkim" sig=11 type=AVC msg=audit(1399305583.965:85562): avc: denied { dac_override } for pid=4821 comm="opendkim" capability=1 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=unconfined_u:system_r:dkim_milter_t:s0 tclass=capability type=SYSCALL msg=audit(1399305583.965:85562): arch=c000003e syscall=2 success=yes exit=3 a0=21a5db7 a1=0 a2=1b6 a3=0 items=0 ppid=4820 pid=4821 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=11755 comm="opendkim" exe="/usr/sbin/opendkim" subj=unconfined_u:system_r:dkim_milter_t:s0 key=(null) type=ANOM_ABEND msg=audit(1399305583.970:85563): auid=0 uid=0 gid=0 ses=11755 subj=unconfined_u:system_r:dkim_milter_t:s0 pid=4821 comm="opendkim" sig=11 type=AVC msg=audit(1399306005.965:85609): avc: denied { dac_override } for pid=5210 comm="opendkim" capability=1 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=unconfined_u:system_r:dkim_milter_t:s0 tclass=capability type=SYSCALL msg=audit(1399306005.965:85609): arch=c000003e syscall=2 success=yes exit=3 a0=896db7 a1=0 a2=1b6 a3=0 items=0 ppid=5209 pid=5210 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=11755 comm="opendkim" exe="/usr/sbin/opendkim" subj=unconfined_u:system_r:dkim_milter_t:s0 key=(null) type=ANOM_ABEND msg=audit(1399306007.204:85610): auid=0 uid=494 gid=493 ses=11755 subj=unconfined_u:system_r:dkim_milter_t:s0 pid=4859 comm="opendkim" sig=6 type=ANOM_ABEND msg=audit(1399308116.940:85723): auid=0 uid=494 gid=493 ses=11755 subj=unconfined_u:system_r:dkim_milter_t:s0 pid=5324 comm="opendkim" sig=6 type=AVC msg=audit(1399308117.051:85724): avc: denied { dac_override } for pid=6402 comm="opendkim" capability=1 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=unconfined_u:system_r:dkim_milter_t:s0 tclass=capability type=SYSCALL msg=audit(1399308117.051:85724): arch=c000003e syscall=2 success=yes exit=3 a0=1f55db7 a1=0 a2=1b6 a3=0 items=0 ppid=6401 pid=6402 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=11813 comm="opendkim" exe="/usr/sbin/opendkim" subj=unconfined_u:system_r:dkim_milter_t:s0 key=(null) type=AVC msg=audit(1399313980.345:86053): avc: denied { dac_override } for pid=9683 comm="opendkim" capability=1 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=unconfined_u:system_r:dkim_milter_t:s0 tclass=capability type=SYSCALL msg=audit(1399313980.345:86053): arch=c000003e syscall=2 success=yes exit=3 a0=6ebdb7 a1=0 a2=1b6 a3=0 items=0 ppid=9682 pid=9683 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=11842 comm="opendkim" exe="/usr/sbin/opendkim" subj=unconfined_u:system_r:dkim_milter_t:s0 key=(null) type=ANOM_ABEND msg=audit(1399313981.617:86054): auid=0 uid=494 gid=493 ses=11813 subj=unconfined_u:system_r:dkim_milter_t:s0 pid=6407 comm="opendkim" sig=6 type=AVC msg=audit(1399314071.098:86061): avc: denied { dac_override } for pid=9748 comm="opendkim" capability=1 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=unconfined_u:system_r:dkim_milter_t:s0 tclass=capability type=SYSCALL msg=audit(1399314071.098:86061): arch=c000003e syscall=2 success=yes exit=3 a0=f42db7 a1=0 a2=1b6 a3=0 items=0 ppid=9747 pid=9748 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=11842 comm="opendkim" exe="/usr/sbin/opendkim" subj=unconfined_u:system_r:dkim_milter_t:s0 key=(null) type=AVC msg=audit(1399316862.527:86239): avc: denied { dac_override } for pid=13015 comm="opendkim" capability=1 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=unconfined_u:system_r:dkim_milter_t:s0 tclass=capability type=SYSCALL msg=audit(1399316862.527:86239): arch=c000003e syscall=2 success=yes exit=3 a0=e4ddb7 a1=0 a2=1b6 a3=0 items=0 ppid=13014 pid=13015 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=11842 comm="opendkim" exe="/usr/sbin/opendkim" subj=unconfined_u:system_r:dkim_milter_t:s0 key=(null) type=ANOM_ABEND msg=audit(1399316863.171:86240): auid=0 uid=494 gid=493 ses=11842 subj=unconfined_u:system_r:dkim_milter_t:s0 pid=9753 comm="opendkim" sig=6 type=AVC msg=audit(1399322293.847:86503): avc: denied { search } for pid=19335 comm="opendkim" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir type=AVC msg=audit(1399322293.847:86503): avc: denied { read } for pid=19335 comm="opendkim" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file type=AVC msg=audit(1399322293.847:86503): avc: denied { open } for pid=19335 comm="opendkim" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file type=SYSCALL msg=audit(1399322293.847:86503): arch=c000003e syscall=2 success=yes exit=18 a0=7f202bbd82b8 a1=80000 a2=2803ff a3=7f200ebfcba0 items=0 ppid=13066 pid=19335 auid=0 uid=494 gid=493 euid=494 suid=494 fsuid=494 egid=493 sgid=493 fsgid=493 tty=(none) ses=11842 comm="opendkim" exe="/usr/sbin/opendkim" subj=unconfined_u:system_r:dkim_milter_t:s0 key=(null) The sealerts are no longer available for some reason. sealert -l 442cb257-3db2-488c-a92e-bfc936e16a0c Error query_alerts error (1003): id (442cb257-3db2-488c-a92e-bfc936e16a0c) not found -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3