Re: squirrelmail / postfix mail lost policy 1.17.30-2.80

[Daniel J Walsh <dwalsh@xxxxxxxxxx>]

Jeremy Ardley wrote:

> Daniel J Walsh wrote:
>
> > Jeremy Ardley wrote:
> >
> > > Daniel J Walsh wrote:
> > >
> > > > Could you try the selinux-policy-targeted-1.17.30-2.84 on
> > > > ftp://people.redhat.com/dwalsh/SELinux/FC3
> > > The latest copy there is selinux-policy-targeted-1.17.30-2.81
> > >
> > > Should I try this ?
> > I see 84.
> So do I now that I hit refresh on my browser.
>
> Installed using rpm -Uvh selinux-policy-targeted-1.17.30-2.84.noarch.rpm
>
> Then I ran  restorecon -R -v /var/lib/squirrelmail 
> /usr/sbin/sendmail.postfix /var/spool
>
> And got
>
> Feb 25 04:56:27 mail kernel: audit(1109278587.831:0): avc:  denied  { 
> append } for  pid=9795 exe=/usr/sbin/sendmail.postfix 
> path=/var/log/httpd/error_log dev=dm-0 ino=4033974 
> scontext=user_u:system_r:system_mail_t 
> tcontext=root:object_r:httpd_runtime_t tclass=file
> Feb 25 04:56:27 mail kernel: audit(1109278587.832:0): avc:  denied  { 
> append } for  pid=9795 exe=/usr/sbin/sendmail.postfix 
> path=/var/log/httpd/error_log dev=dm-0 ino=4033974 
> scontext=user_u:system_r:system_mail_t 
> tcontext=root:object_r:httpd_runtime_t tclass=file
> Feb 25 04:56:27 mail kernel: audit(1109278587.832:0): avc:  denied  { 
> append } for  pid=9795 exe=/usr/sbin/sendmail.postfix 
> path=/var/log/httpd/ssl_error_log dev=dm-0 ino=4033975 
> scontext=user_u:system_r:system_mail_t 
> tcontext=root:object_r:httpd_runtime_t tclass=file
> Feb 25 04:56:27 mail kernel: audit(1109278587.832:0): avc:  denied  { 
> append } for  pid=9795 exe=/usr/sbin/sendmail.postfix 
> path=/var/log/httpd/access_log dev=dm-0 ino=4032679 
> scontext=user_u:system_r:system_mail_t 
> tcontext=root:object_r:httpd_runtime_t tclass=file
> Feb 25 04:56:27 mail kernel: audit(1109278587.832:0): avc:  denied  { 
> append } for  pid=9795 exe=/usr/sbin/sendmail.postfix 
> path=/var/log/httpd/ssl_access_log dev=dm-0 ino=3784723 
> scontext=user_u:system_r:system_mail_t 
> tcontext=root:object_r:httpd_runtime_t tclass=file
> Feb 25 04:56:27 mail kernel: audit(1109278587.832:0): avc:  denied  { 
> append } for  pid=9795 exe=/usr/sbin/sendmail.postfix 
> path=/var/log/httpd/ssl_request_log dev=dm-0 ino=3784724 
> scontext=user_u:system_r:system_mail_t 
> tcontext=root:object_r:httpd_runtime_t tclass=file
> Feb 25 04:56:27 mail kernel: audit(1109278587.856:0): avc:  denied  { 
> search } for  pid=9795 exe=/usr/sbin/sendmail.postfix name=postfix 
> dev=dm-0 ino=4032524 scontext=user_u:system_r:system_mail_t 
> tcontext=system_u:object_r:mail_spool_t tclass=dir
>
> On a hunch I ran restorecon -R -v /var/log
>
> and then got
>
> Feb 25 05:01:08 mail kernel: audit(1109278868.985:0): avc:  denied  { 
> search } for  pid=9813 exe=/usr/sbin/sendmail.postfix name=postfix 
> dev=dm-0 ino=4032524 scontext=user_u:system_r:system_mail_t 
> tcontext=system_u:object_r:mail_spool_t tclass=dir
Could you run one more test. 

Run setenforce 0
and then try to use the mail program.  What other AVC messages do you see?

> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list