Re: SeLinux and mail relaying

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On Jul 10, 2006, at 3:49 AM, Paul Howarth wrote:


On Fri, 2006-07-07 at 16:34 -0400, redhatdude@xxxxxxxxxxxxx wrote:

Hi,
While trying to set up a mail cgi script, I discovered that Selinux
is not allowing relaying mail from anything but postfix. I realized
this when I turned off selinux and I started getting the result of
cron jobs and other similar system emails.
So my question is , how can I make selinux allow programs other than 
postfix and cyrus to relay emails?


Can you post the AVC messages you are getting when mail from cron is
being blocked by SELinux?

Paul.




Hi,
Here it is.
Thanks for you help.
EJ
type=AVC_PATH msg=audit(1152547081.207:3467): path="/var/lib/imap/ socket/lmtp" type=SOCKADDR msg=audit(1152547081.207:3467): saddr=01002F7661722F6C69622F696D61702F736F636B65742F6C6D7470000000000000 000000000000000000000000000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000000000000000000000000000000000000 0000000000 type=SOCKETCALL msg=audit(1152547081.207:3467): nargs=3 a0=b a1=bfc966ec a2=6e type=PATH msg=audit(1152547081.207:3467): item=0 name=(null) inode=8585327 dev=fd:00 mode=0140777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cyrus_var_lib_t:s0 type=AVC msg=audit(1152547081.303:3468): avc: denied { connectto } for pid=31220 comm="lmtp" name="lmtp" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket type=SYSCALL msg=audit(1152547081.303:3468): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bffc5900 a2=f8e430 a3=f90c24 items=1 pid=31220 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) comm="lmtp" exe="/usr/ libexec/postfix/lmtp" subj=system_u:system_r:postfix_master_t:s0 type=AVC_PATH msg=audit(1152547081.303:3468): path="/var/lib/imap/ socket/lmtp" type=SOCKADDR msg=audit(1152547081.303:3468): saddr=01002F7661722F6C69622F696D61702F736F636B65742F6C6D7470000000000000 000000000000000000000000000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000000000000000000000000000000000000 0000000000 type=SOCKETCALL msg=audit(1152547081.303:3468): nargs=3 a0=b a1=bffc5a1c a2=6e type=PATH msg=audit(1152547081.303:3468): item=0 name=(null) inode=8585327 dev=fd:00 mode=0140777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cyrus_var_lib_t:s0
This is the message I get when I try to run a mail form cgi script, which is why I realized that I was having problems with my system sending mail.
type=AVC msg=audit(1152547494.882:3475): avc: denied { getattr } for pid=31270 comm="postdrop" name="[165322]" dev=pipefs ino=165322 scontext=user_u:system_r:postfix_postdrop_t:s0 tcontext=user_u:system_r:httpd_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1152547494.882:3475): arch=40000003 syscall=197 success=no exit=-13 a0=2 a1=bfa6d7c0 a2=50aff4 a3=3 items=0 pid=31270 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=90 sgid=90 fsgid=90 tty=(none) comm="postdrop" exe="/ usr/sbin/postdrop" subj=user_u:system_r:postfix_postdrop_t:s0 
type=AVC_PATH msg=audit(1152547494.882:3475):  path="pipe:[165322]"
type=AVC msg=audit(1152547495.010:3476): avc: denied { connectto } for pid=31274 comm="lmtp" name="lmtp" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket type=SYSCALL msg=audit(1152547495.010:3476): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bffb50f0 a2=4b1430 a3=4b3c24 items=1 pid=31274 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) comm="lmtp" exe="/usr/ libexec/postfix/lmtp" subj=system_u:system_r:postfix_master_t:s0 type=AVC_PATH msg=audit(1152547495.010:3476): path="/var/lib/imap/ socket/lmtp" type=SOCKADDR msg=audit(1152547495.010:3476): saddr=01002F7661722F6C69622F696D61702F736F636B65742F6C6D7470000000000000 000000000000000000000000000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000000000000000000000000000000000000 0000000000 type=SOCKETCALL msg=audit(1152547495.010:3476): nargs=3 a0=b a1=bffb520c a2=6e type=PATH msg=audit(1152547495.010:3476): item=0 name=(null) inode=8585327 dev=fd:00 mode=0140777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cyrus_var_lib_t:s0 

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux