postfix AVCs

fedora@xxxxxxxxxxxx · Tue, 14 Feb 2006 16:00:04 +0100

Hello All,

Using targeted policies 1.27.1-2.18 with postfix-2.2.2-2 on FC4.

I receive lots of AVCs related to postfix (here is one regarding postdrop, but 
I have also 'sendmail.postfix', 'cleanup' and 'spamc' related AVCs) :

type=AVC msg=audit(1139803214.270:14817): avc:  denied  { getattr } for  
pid=14521 comm="postdrop" name="pickup" dev=hda2 ino=6193158 
scontext=root:system_r:postfix_pipe_t 
tcontext=system_u:object_r:postfix_public_t tclass=fifo_file
type=SYSCALL msg=audit(1139803214.270:14817): arch=c000003e syscall=4 
success=yes exit=0 a0=62cf28 a1=7fffffb60270 a2=7fffffb60270 a3=2aaaaaaab000 
items=1 pid=14521 auid=500 uid=99 gid=99 euid=99 suid=99 fsuid=99 egid=90 
sgid=90 fsgid=90 comm="postdrop" exe="/usr/sbin/postdrop"
type=AVC_PATH msg=audit(1139803214.270:14817):  
path="/var/spool/postfix/public/pickup"
type=CWD msg=audit(1139803214.270:14817):  cwd="/var/spool/postfix"
type=PATH msg=audit(1139803214.270:14817): item=0 name="public/pickup" flags=1  
inode=6193158 dev=03:02 mode=010622 ouid=89 ogid=89 rdev=00:00
type=AVC msg=audit(1139803214.270:14818): avc:  denied  { write } for  
pid=14521 comm="postdrop" name="pickup" dev=hda2 ino=6193158 
scontext=root:system_r:postfix_pipe_t 
tcontext=system_u:object_r:postfix_public_t tclass=fifo_file
type=SYSCALL msg=audit(1139803214.270:14818): arch=c000003e syscall=2 
success=yes exit=4 a0=62cf28 a1=801 a2=0 a3=2aaaaaaab000 items=1 pid=14521 
auid=500 uid=99 gid=99 euid=99 suid=99 fsuid=99 egid=90 sgid=90 fsgid=90 
comm="postdrop" exe="/usr/sbin/postdrop"
type=CWD msg=audit(1139803214.270:14818):  cwd="/var/spool/postfix"
type=PATH msg=audit(1139803214.270:14818): item=0 name="public/pickup" 
flags=101  inode=6193158 dev=03:02 mode=010622 ouid=89 ogid=89 rdev=00:00

Any explanation ?

If a known bug, could someone post a working postfix.fc/postfix.te set ?

TIA

======================
PS:sorry for the double posting. the first was erroneously 'in-reply-to' 
another message. it would be a pity that someone miss my interesting message 
because of threads filtering ;-)

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list