Holger Burde wrote:
Hi;

FC 4 current with targeted - up2date & unmodified.

The postfix Policy or some other seems 2 prevent binding postfix to unpriv Ports > 1023 (10026 in my case). Is this intentional and if so, why? Daemon based Filtering stuff needs those high-ports.

Since after setting setenforce to 0 it works I think it must be policy related (the system has no source policy - so I didn't dig into that yet).

Mar 11 14:06:40 proton postfix/master[3413]: fatal: bind 127.0.0.1 port 10026: Permission denied

No avc denies (audit2allow) - strange and not funny .. if it's policy related.

PS I use some of my own RPMs (clamsmtp & anomy ..) with Postfix (FC4) & Clamav (FC4 extras) which works beside this Port Problem. Since selinux is part of my security Concept setenforce 0 is no option.

hb

Well, you have two choices. You can update to FC5 and use some of the semanage to add additional ports to postfix.

In order to get these additional audit messages in FC4 you need to install policy-sources and run a make enableaudit; make reload. You can also edit the postfix policy to allow the additional ports. You need to edit net_context file.

In FC5 you can just load the enableaudit.pp policy package: semodule -b /usr/share/selinux/targeted/enableaudit.pp

Lots of new features in FC5 to handle local customizations.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
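
As an added example that is not part of the original thread: one way to check, on a system where semanage is available, whether a port such as 10026 already carries an SELinux port type before adding one. The function names, the sample listing and `example_range_port_t` are constructed for illustration; the listing follows the layout printed by `semanage port -l`.

```shell
#!/bin/sh
# Constructed sample in the layout of `semanage port -l` output
# (type, protocol, comma-separated ports or ranges). It is not taken from
# the poster's system; example_range_port_t is a made-up type name.
SAMPLE_PORTS='SELinux Port Type              Proto    Port Number

smtp_port_t                    tcp      25, 465, 587
example_range_port_t           tcp      6000-6020'

# port_types PROTO PORT
# Reads a port listing on stdin and prints every port type whose entry
# covers PORT for PROTO, one type per line. Prints nothing if no type matches.
port_types() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                spec = $i
                sub(/,$/, "", spec)          # drop the list separator
                n = split(spec, r, "-")      # "6000-6020" -> lo, hi
                lo = r[1] + 0
                hi = (n == 2) ? r[2] + 0 : lo
                if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
            }
        }'
}

# is_labeled PROTO PORT
# Succeeds when some port type in the listing on stdin covers the port.
is_labeled() {
    [ -n "$(port_types "$1" "$2")" ]
}

# On a live system the listing comes from semanage itself:
#   semanage port -l | port_types tcp 10026
# If nothing is printed, the port has no specific type, and a type the
# daemon's domain is allowed to bind can be assigned with:
#   semanage port -a -t TYPE -p tcp 10026    # TYPE is a placeholder
```

Which type to use for TYPE depends on what the loaded postfix policy permits; the thread does not name one.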