Andy Green wrote:
Andy Green wrote:
Sep 27 14:08:56 siamese postfix/smtpd[13486]: warning: connect to
/var/spool/postfix/postgrey/socket: Permission denied
...
However there are no avc complaints in /var/log/messages. Turning off
I discover /var/log/audit/audit.log ... much neater once you know about
it :-) This is the AVC message:
type=AVC msg=audit(1127827818.253:472): avc: denied { connectto } for
pid=13783 comm="smtpd" name="socket"
scontext=root:system_r:postfix_smtpd_t tcontext=root:system_r:initrc_t
tclass=unix_stream_socket
type=SYSCALL msg=audit(1127827818.253:472): arch=c000003e syscall=42
success=yes exit=0 a0=14 a1=7fffffa59ec0 a2=6e a3=7fffffa59ec2 items=1
pid=13783 auid=500 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89
sgid=89 fsgid=89 comm="smtpd" exe="/usr/libexec/postfix/smtpd"
type=AVC_PATH msg=audit(1127827818.253:472):
path="/var/spool/postfix/postgrey/socket"
type=SOCKADDR msg=audit(1127827818.253:472):
saddr=01002F7661722F73706F6F6C2F706F73746669782F706F7374677265792F736F636B65740000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
type=PATH msg=audit(1127827818.253:472): item=0 flags=1 inode=3342296
dev=fd:00 mode=0140666 ouid=95 ogid=99 rdev=00:00
If you install selinux-policy-targeted-sources and add this line to
/etc/selinux/policy/src/targeted/domains/misc/local.te
allow postfix_smtpd_t initrc_t:unix_stream_socket connectto;
And do a
make -c /etc/selinux/targeted/src/policy load
Does that fix your problem?
-Andy
------------------------------------------------------------------------
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
