I am seeing these avc messages on a newly commissioned and up-to-date CentOs-6
virtual guest:
----
time->Thu Dec 4 12:14:58 2014
type=SYSCALL msg=audit(1417713298.610:60522): arch=c000003e syscall=2
success=no exit=-13 a0=7fd70e6de1e6 a1=0 a2=1b6 a3=0 items=0 ppid=2698
pid=4294 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=2784 comm="trivial-rewrite"
exe="/usr/libexec/postfix/trivial-rewrite"
subj=unconfined_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(1417713298.610:60522): avc: denied { read } for pid=4294
comm="trivial-rewrite" name="tmp" dev=dm-0 ino=393240
scontext=unconfined_u:system_r:postfix_master_t:s0
tcontext=system_u:object_r:tmp_t:s0 tclass=dir
We are using a locally built Postfix (Postfix-2.8+ is required to support
postscreen and CentOS only provides 2.6.6)
rpm -qi postfix
Name : postfix Relocations: (not relocatable)
Version : 2.11.1 Vendor: (none)
Release : 0.el6 Build Date: Thu May 15 14:38:25 2014
Install Date: Fri Nov 28 14:57:25 2014 Build Host:
xnet242.hamilton.harte-lyne.ca
Group : System Environment/Daemons Source RPM:
postfix-2.11.1-0.el6.src.rpm
Size : 13111458 License: IBM
Signature : (none)
URL : http://www.postfix.org
Summary : Postfix Mail Transport Agent
Description :
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
TLS
Re: SELinux. Do I just build a local policy or is there some boolean setting
needed to handle this? I could not find one if there is but. . .
getsebool -a | grep postfix
allow_postfix_local_write_mail_spool --> on
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@xxxxxxxxxxxxx
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
