Re: Request Tracker 3

[Kanwar Ranbir Sandhu <m3freak@xxxxxxxxxx>]

On Wed, 2005-02-02 at 10:56 -0500, Daniel J Walsh wrote:
> could you d a
> 
> chcon -R -t mail_spool_t /var/spool/postfix


Mail config in RT:
------------------
mail command: sendmail
arguments: -oi
path: /usr/sbin/sendmail

avc messages:
-------------
None! RT received the email and sent out an auto-reply without any
selinux denials!  

However, the other email config produced many more selinux denials than
before (last time there was only one message).  I included the messages
below anyway.


Mail config in RT:
------------------
mail command: sendmailpipe
arguments: -oi -t         #(-t required, as stated in RT docs)
path: /usr/sbin/sendmail

avc messages:
-------------
avc:  denied  { search } for  pid=6171 exe=/usr/bin/perl name=postfix
dev=dm-5 ino=34833 scontext=user_u:system_r:httpd_sys_script_t
tcontext=system_u:object_r:mail_spool_t tclass=dir

avc:  denied  { read } for  pid=6173 exe=/usr/sbin/httpd name=sendmail
dev=dm-3 ino=277369 scontext=root:system_r:httpd_t
tcontext=user_u:object_r:sbin_t tclass=lnk_file

avc:  denied  { getattr } for  pid=6173 exe=/usr/sbin/sendmail.postfix
path=socket:[14495] dev=sockfs ino=14495
scontext=root:system_r:system_mail_t tcontext=root:system_r:httpd_t
tclass=unix_stream_socket

avc:  denied  { search } for  pid=6173 exe=/usr/sbin/sendmail.postfix
name=postfix dev=dm-5 ino=34833 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir

avc:  denied  { execute } for  pid=6174 exe=/usr/sbin/sendmail.postfix
name=postdrop dev=dm-3 ino=276825 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:sbin_t tclass=file

avc:  denied  { execute_no_trans } for  pid=6174
exe=/usr/sbin/sendmail.postfix path=/usr/sbin/postdrop dev=dm-3
ino=276825 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:sbin_t tclass=file

avc:  denied  { read } for  pid=6174 exe=/usr/sbin/sendmail.postfix
path=/usr/sbin/postdrop dev=dm-3 ino=276825
scontext=root:system_r:system_mail_t tcontext=system_u:object_r:sbin_t
tclass=file

avc:  denied  { write } for  pid=6174 exe=/usr/sbin/postdrop
name=maildrop dev=dm-5 ino=34842 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir

avc:  denied  { add_name } for  pid=6174 exe=/usr/sbin/postdrop
name=530173.6174 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir

avc:  denied  { create } for  pid=6174 exe=/usr/sbin/postdrop
name=530173.6174 scontext=root:system_r:system_mail_t
tcontext=root:object_r:mail_spool_t tclass=file

avc:  denied  { getattr } for  pid=6174 exe=/usr/sbin/postdrop
path=/var/spool/postfix/maildrop/530173.6174 dev=dm-5 ino=34911
scontext=root:system_r:system_mail_t tcontext=root:object_r:mail_spool_t
tclass=file

avc:  denied  { remove_name } for  pid=6174 exe=/usr/sbin/postdrop
name=530173.6174 dev=dm-5 ino=34911 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir

avc:  denied  { rename } for  pid=6174 exe=/usr/sbin/postdrop
name=530173.6174 dev=dm-5 ino=34911 scontext=root:system_r:system_mail_t
tcontext=root:object_r:mail_spool_t tclass=file

avc:  denied  { write } for  pid=6174 exe=/usr/sbin/postdrop
path=/var/spool/postfix/maildrop/9BD83885F dev=dm-5 ino=34911
scontext=root:system_r:system_mail_t tcontext=root:object_r:mail_spool_t
tclass=file

avc:  denied  { setattr } for  pid=6174 exe=/usr/sbin/postdrop
name=9BD83885F dev=dm-5 ino=34911 scontext=root:system_r:system_mail_t
tcontext=root:object_r:mail_spool_t tclass=file

avc:  denied  { getattr } for  pid=6174 exe=/usr/sbin/postdrop
path=/var/spool/postfix/public/pickup dev=dm-5 ino=34827
scontext=root:system_r:system_mail_t
tcontext=user_u:object_r:mail_spool_t tclass=fifo_file

avc:  denied  { write } for  pid=6174 exe=/usr/sbin/postdrop name=pickup
dev=dm-5 ino=34827 scontext=root:system_r:system_mail_t
tcontext=user_u:object_r:mail_spool_t tclass=fifo_file


Regards,

Ranbir
-- 
Kanwar Ranbir Sandhu
Linux Consultant
Systems Aligned Inc.
www.systemsaligned.com