On Tue, 2004-03-30 at 03:55, Russell Coker wrote:
> Add the following to postfix.te:
> allow postfix_master_t postfix_etc_t:file rw_file_perms;
Is that truly what you want, i.e. allowing it to rewrite any file with
that type? Should the aliases.db file be moved into a separate type, so
that only it needs to be writable?
> allow postfix_master_t devpts_t:dir search;
>
> > Mar 29 17:33:36 pizza kernel: audit(1080603216.597:0): avc: denied {
> > execute } for pid=5104 exe=/bin/bash name=master dev=sda3 ino=1407396
> > scontext=root:system_r:postfix_master_t tcontext=system_u:object_r:lib_t
> > tclass=file
>
> What is this "master" file? Please run "find / -inum 1407396" and tell me
> what it reports.
Even better, boot with audit=1 so that the supplementary audit records
will report the pathname passed to the system call.
--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
