I spoke too soon. It's still not working. For some reason I sent a few
emails, and there were no denials. I waited a few minutes, and then
tried again, and lo and behold, the denials were back.
So, my other message was partially incorrect (the part about there not
being any denials when setting the mail command to "sendmail"). After
running "chcon -R -t mail_spool_t /var/spool/postfix", these were the
denials eventually reported (there a few new ones):
avc: denied { search } for pid=6845 exe=/usr/bin/perl name=postfix
dev=dm-5 ino=34833 scontext=user_u:system_r:httpd_sys_script_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
avc: denied { getattr } for pid=6847 exe=/usr/sbin/sendmail.postfix
path=socket:[17672] dev=sockfs ino=17672
scontext=root:system_r:system_mail_t tcontext=root:system_r:httpd_t
tclass=unix_stream_socket
avc: denied { search } for pid=6847 exe=/usr/sbin/sendmail.postfix
name=postfix dev=dm-5 ino=34833 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
avc: denied { execute } for pid=6848 exe=/usr/sbin/sendmail.postfix
name=postdrop dev=dm-3 ino=276825 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:sbin_t tclass=file
avc: denied { execute_no_trans } for pid=6848
exe=/usr/sbin/sendmail.postfix path=/usr/sbin/postdrop dev=dm-3
ino=276825 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:sbin_t tclass=file
avc: denied { read } for pid=6848 exe=/usr/sbin/sendmail.postfix
path=/usr/sbin/postdrop dev=dm-3 ino=276825
scontext=root:system_r:system_mail_t tcontext=system_u:object_r:sbin_t
tclass=file
avc: denied { write } for pid=6848 exe=/usr/sbin/postdrop
name=maildrop dev=dm-5 ino=34842 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
avc: denied { add_name } for pid=6848 exe=/usr/sbin/postdrop
name=964455.6848 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
avc: denied { create } for pid=6848 exe=/usr/sbin/postdrop
name=964455.6848 scontext=root:system_r:system_mail_t
tcontext=root:object_r:mail_spool_t tclass=file
avc: denied { getattr } for pid=6848 exe=/usr/sbin/postdrop
path=/var/spool/postfix/maildrop/964455.6848 dev=dm-5 ino=34911
scontext=root:system_r:system_mail_t tcontext=root:object_r:mail_spool_t
tclass=file
avc: denied { remove_name } for pid=6848 exe=/usr/sbin/postdrop
name=964455.6848 dev=dm-5 ino=34911 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
avc: denied { rename } for pid=6848 exe=/usr/sbin/postdrop
name=964455.6848 dev=dm-5 ino=34911 scontext=root:system_r:system_mail_t
tcontext=root:object_r:mail_spool_t tclass=file
avc: denied { write } for pid=6848 exe=/usr/sbin/postdrop
path=/var/spool/postfix/maildrop/11B20885F dev=dm-5 ino=34911
scontext=root:system_r:system_mail_t tcontext=root:object_r:mail_spool_t
tclass=file
avc: denied { setattr } for pid=6848 exe=/usr/sbin/postdrop
name=11B20885F dev=dm-5 ino=34911 scontext=root:system_r:system_mail_t
tcontext=root:object_r:mail_spool_t tclass=file
avc: denied { getattr } for pid=6848 exe=/usr/sbin/postdrop
path=/var/spool/postfix/public/pickup dev=dm-5 ino=34827
scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=fifo_file
avc: denied { write } for pid=6848 exe=/usr/sbin/postdrop name=pickup
dev=dm-5 ino=34827 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=fifo_file
HTH in finding a solution.
Regards,
Ranbir
--
Kanwar Ranbir Sandhu
Linux Consultant
Systems Aligned Inc.
www.systemsaligned.com
