Commit - rpms/selinux-policy - 1534275f368b99ca902bf8e7c2c23f7d7f9751b1

psss / rpms / selinux-policy

Forked from rpms/selinux-policy 5 years ago

`1534275` Dontaudit attempts by system_mail_t to use leaked fd or stream sockets

2 files Authored by Sven Vermeulen 11 years ago, Committed by Dominick Grift 11 years ago,

raw patch tree parent

2 files changed. 5 lines added. 0 lines removed.

    Dontaudit attempts by system_mail_t to use leaked fd or stream sockets
    
    When fail2ban invokes sendmail to send out a mail event, denials such as the
    following ones occur, but without any consequence on the functioning itself (the
    mails are sent out correctly, no errors in logs):
    
    type=AVC msg=audit(1352348532.580:1313): avc:  denied  { read write } for
    pid=28042 comm="sendmail" path="socket:[1480]" dev="sockfs" ino=1480
    scontext=system_u:system_r:system_mail_t tcontext=system_u:system_r:fail2ban_t
    tclass=unix_stream_socket
    type=AVC msg=audit(1352348532.590:1314): avc:  denied  { use } for  pid=28047
    comm="postdrop" path="/dev/null" dev="devtmpfs" ino=3075
    scontext=system_u:system_r:postfix_postdrop_t
    tcontext=system_u:system_r:fail2ban_t tclass=fd
    
    It looks like these are due to leaked file descriptors.
    
    Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>

mta.te

file modified

+1 -0

postfix.te

file modified

+4 -0

psss / rpms / selinux-policy

Source Code

1534275 Dontaudit attempts by system_mail_t to use leaked fd or stream sockets

2 files Authored by Sven Vermeulen 11 years ago, Committed by Dominick Grift 11 years ago,

`1534275` Dontaudit attempts by system_mail_t to use leaked fd or stream sockets