Hi all,
I'm trying to add some milters (particularly spamass-milter and
clamav-milter, which I acquired through rpmforge) to my postfix
configuration on CentOS 5 with the targeted SELinux policy.
I'm running into difficulty getting postfix to communicate through the
unix domain sockets created by the milters, because selinux keeps
blocking them. I've attempted to use audit2allow to fix this, and made
some progress in allowing postfix to write to the socket. I'm getting
stuck on the following audit.log error, though.

type=AVC msg=audit(1210016235.033:6265): avc: denied { use } for
pid=17995 comm="cleanup" path="socket:[372498]" dev=sockfs ino=372498
scontext=root:system_r:postfix_cleanup_t:s0
tcontext=root:system_r:postfix_smtpd_t:s0 tclass=fd
type=SYSCALL msg=audit(1210016235.033:6265): arch=c000003e syscall=47
success=yes exit=1 a0=9 a1=7fff0ec2f220 a2=0 a3=0 items=0 ppid=17983
pid=17995 auid=0 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89
fsgid=89 tty=(none) comm="cleanup" exe="/usr/libexec/postfix/cleanup"
subj=root:system_r:postfix_cleanup_t:s0 key=(null)

I use audit2allow to try to fix this, but the resulting rule:

allow postfix_cleanup_t postfix_smtpd_t:fd use;

does nothing to help. Has anyone successfully added unix domain socket
based milters to postfix without disabling selinux? If anyone has any
suggestions, I'd be grateful.
Thanks,
Michael Saavedra
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos