From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from jazzband.ncsc.mil (jazzband.ncsc.mil [144.51.5.4]) by tycho.ncsc.mil (8.9.3/8.9.3) with ESMTP id DAA04394 for ; Wed, 10 Jul 2002 03:46:02 -0400 (EDT)
Received: from jazzband.ncsc.mil (localhost [127.0.0.1]) by jazzband.ncsc.mil with ESMTP id HAA19305 for ; Wed, 10 Jul 2002 07:44:33 GMT
Received: from tsv.sws.net.au (tsv.sws.net.au [203.36.46.2]) by jazzband.ncsc.mil with ESMTP id HAA19301 for ; Wed, 10 Jul 2002 07:44:31 GMT
Received: from lyta.coker.com.au (localhost [127.0.0.1]) by tsv.sws.net.au (Postfix) with ESMTP id 87D9492462 for ; Wed, 10 Jul 2002 17:45:58 +1000 (EST)
Received: from there (localhost [127.0.0.1]) by lyta.coker.com.au (Postfix) with SMTP id C3E6D106 for ; Wed, 10 Jul 2002 09:45:50 +0200 (CEST)
Content-Type: text/plain; charset="us-ascii"
From: Russell Coker
Reply-To: Russell Coker
To: SE Linux
Subject: audit bug in fd handling
Date: Wed, 10 Jul 2002 09:45:50 +0200
MIME-Version: 1.0
Message-Id: <20020710074550.C3E6D106@lyta.coker.com.au>
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

It seems that when a file handle open read/write is inherited by a domain that is permitted read access only, an error about write access will be logged - even if there is a dontaudit rule!

Here's the dmesg log:

avc: denied { write } for pid=4731 exe=/usr/sbin/sendmail path=/spool/fcron/fcrjob-Ldo3Uf (deleted) dev=03:08 ino=27923 scontext=system_u:system_r:system_mail_t tcontext=system_u:object_r:system_crond_tmp_t tclass=file

Here's a grep from policy.conf:

dontaudit system_mail_t system_crond_tmp_t:file write;

Incidentally I'm changing the way mail sending operates. Having daemons send mail as sysadm_mail_t is ugly, and having them send mail as user_mail_t is wrong. I've created a new system_mail_t for this.

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field.

--
You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.
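The check a reader of this report would want to make is whether a logged AVC denial is actually covered by a dontaudit rule in the policy, so that an unexpected entry in dmesg can be attributed to the audit path (as Russell reports) rather than to a missing rule. The following is an added example, not code from the mail or from any SELinux tool: it parses the classic "avc: denied { perm } ... scontext= tcontext= tclass=" line format and the "dontaudit src tgt:class perms;" rules found in a compiled policy.conf, and reports which denials should have been silent. The second log line and the extra policy lines are constructed inputs to exercise multi-permission denials and brace-list rules; the function names are this example's own.

```python
"""Match AVC denial lines against dontaudit rules from policy.conf.

Added example (not part of the original mail or of SELinux itself).  A
denial is "covered" when every permission in its { ... } set appears in a
dontaudit rule whose source type, target type and class match the
denial's scontext type, tcontext type and tclass.
"""
import re

# Constructed input: the denial quoted in the mail plus a second, made-up
# line with two permissions, to show partial coverage.
AVC_LOG = """\
avc: denied { write } for pid=4731 exe=/usr/sbin/sendmail path=/spool/fcron/fcrjob-Ldo3Uf (deleted) dev=03:08 ino=27923 scontext=system_u:system_r:system_mail_t tcontext=system_u:object_r:system_crond_tmp_t tclass=file
avc: denied { read write } for pid=4732 exe=/usr/sbin/sendmail path=/spool/fcron/fcrjob-Ldo3Uf dev=03:08 ino=27923 scontext=system_u:system_r:system_mail_t tcontext=system_u:object_r:system_crond_tmp_t tclass=file
"""

# Constructed policy.conf excerpt: the rule from the mail plus two others
# (one allow, which must be ignored, and one dontaudit with brace lists).
POLICY_CONF = """\
dontaudit system_mail_t system_crond_tmp_t:file write;
allow system_mail_t system_crond_tmp_t:file { read getattr };
dontaudit sysadm_mail_t { user_tmp_t staff_tmp_t }:file { read write };
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)
RULE_RE = re.compile(
    r"^\s*dontaudit\s+(?P<src>\{[^}]*\}|\S+)\s+(?P<tgt>\{[^}]*\}|\S+)"
    r":(?P<cls>\S+)\s+(?P<perms>\{[^}]*\}|\S+?)\s*;"
)


def _as_set(field):
    """'{ a b }' -> {'a', 'b'}; 'a' -> {'a'}."""
    return set(field.strip("{} ").split())


def parse_avc(log_text):
    """Return (perms, source_type, target_type, tclass) for each denial line."""
    denials = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        # A context is user:role:type[:range]; only the type takes part in TE rules.
        stype = m.group("scontext").split(":")[2]
        ttype = m.group("tcontext").split(":")[2]
        denials.append((set(m.group("perms").split()), stype, ttype, m.group("tclass")))
    return denials


def parse_dontaudit(policy_text):
    """Return (source_types, target_types, class, perms) for each dontaudit rule."""
    rules = []
    for line in policy_text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules.append((_as_set(m.group("src")), _as_set(m.group("tgt")),
                          m.group("cls"), _as_set(m.group("perms"))))
    return rules


def unsuppressed_perms(denial, rules):
    """Permissions in the denial not covered by any matching dontaudit rule.

    An empty result means the denial should never have been logged."""
    perms, stype, ttype, tclass = denial
    covered = set()
    for src, tgt, cls, rule_perms in rules:
        if stype in src and ttype in tgt and cls == tclass:
            covered |= rule_perms
    return perms - covered


def should_have_been_silent(log_text, policy_text):
    """One bool per denial line: True if a dontaudit rule covers all its perms."""
    rules = parse_dontaudit(policy_text)
    return [not unsuppressed_perms(d, rules) for d in parse_avc(log_text)]


if __name__ == "__main__":
    for denial, silent in zip(parse_avc(AVC_LOG), should_have_been_silent(AVC_LOG, POLICY_CONF)):
        print(("SHOULD BE SILENT" if silent else "expected denial"), denial)
```

On a live system the same question is answered by setools' sesearch with its dontaudit query (sesearch -D with -s, -t and -c), which also resolves attributes and type aliases; the regexes above only handle literal type names and brace lists, so treat a "not covered" result from them as a prompt to check the real policy, not as proof that a rule is missing.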