Hi; Ok - thx 4 the help. I changed the policy. Migrating to FC5 is planed but not before Release and some private testing. The FC5 selinux changes look promising! hb Am Samstag, den 11.03.2006, 10:01 -0500 schrieb Daniel J Walsh: > Holger Burde wrote: > > Hi; > > > > FC 4 currrent with targeted - up2date & unmodified. > > > > The postfix Policy or some other seems 2 prevent binding postfix to > > unpriv Ports > 1023 (10026 in my case). Is this intentional and if why ? > > Daemon based Filtering stuff needs those high-ports. > > Since after setting setenforce to 0 it works i think i must be policy > > related (the system has no source policy - so i didn't dig into that > > yet). > > > > Mar 11 14:06:40 proton postfix/master[3413]: fatal: bind 127.0.0.1 port > > 10026: Permission denied > > > > No avc denies (audit2allow) - strange and not funny .. if its policy > > related. > > > > PS I use some of my own RPMs (clamsmtp & anomy ..) with Postfix (FC4) & > > Clamav (FC4 extras) which works beside this Port Problem. Since selinux > > is part of my security Concept setenforce 0 is no option. > > hb > > > > Well you have two choices. You can update to FC5 and use some of the > semanage to add additional ports > to postfix. > > In order to get these additional audit messages in FC4 you need to > install policy-sources and run a > make enableaudit; make reload, you can also edit the postfix policy to > allow the additional ports. You need to > edit net_context file. > > In FC5 you can just load the enableaudit.pp policy package semodule -b > /usr/share/selinux/targeted/enableaudit.pp > > Lots of new features in FC5 to handle local customizations. > > > -- --- -- - Dipl. Inform. H. Burde EMail : <hburde@xxxxxxxxxxx>| <hburde@xxxxxxxxxxxxx> -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
