On Tue, 30 Mar 2004 09:42, Rudi Chiarito <nutello@xxxxxxxxxxxxx> wrote:
> I successfully - or so it seems - convinced a box to work in enforcing
> mode, but as of today I still see these error messages whenever postfix
> is started:
>
> Mar 29 17:33:35 pizza kernel: audit(1080603215.577:0): avc: denied {
> write } for pid=5102 exe=/usr/sbin/postalias name=aliases.db dev=sda3
> ino=245461 scontext=root:system_r:postfix_master_t
> tcontext=system_u:object_r:postfix_etc_t tclass=file
> Mar 29 17:33:36 pizza kernel: audit(1080603216.592:0): avc: denied {
> search } for pid=5103 exe=/bin/bash dev= ino=1
> scontext=root:system_r:postfix_master_t
> tcontext=system_u:object_r:devpts_t tclass=dir
Add the following to postfix.te:
allow postfix_master_t postfix_etc_t:file rw_file_perms;
allow postfix_master_t devpts_t:dir search;
> Mar 29 17:33:36 pizza kernel: audit(1080603216.597:0): avc: denied {
> execute } for pid=5104 exe=/bin/bash name=master dev=sda3 ino=1407396
> scontext=root:system_r:postfix_master_t tcontext=system_u:object_r:lib_t
> tclass=file
What is this "master" file? Please run "find / -inum 1407396" and tell me
what it reports.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
