-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Harry Hoffman wrote:
> My apologies if this is the wrong list and there is a rhel/centos
> specific selinux list...
>
> Trying to run postfix-2.2.3 on centos5. I'm using LDAP for maps and
> authentication.
>
> Everytime I run postqueue -p (to show the mail queue) the command times
> out.
>
> The following messages are logged in /var/log/maillog:
> Sep 25 14:50:03 mail1 postfix/showq[9842]: nss_ldap: failed to bind to LDAP server ldap://localhost/: Can't contact LDAP server
> Sep 25 14:50:03 mail1 postfix/showq[9842]: nss_ldap: failed to bind to LDAP server ldap://localhost/: Can't contact LDAP server
> Sep 25 14:50:03 mail1 postfix/showq[9842]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
> Sep 25 14:50:07 mail1 postfix/showq[9842]: nss_ldap: failed to bind to LDAP server ldap://localhost/: Can't contact LDAP server
>
>
> The following AVCs show up in /var/log/audit/audit.log:
>
> type=AVC msg=audit(1190746203.204:2162): avc: denied { create } for pid=9842 comm="showq" scontext=root:system_r:postfix_showq_t:s0 tcontext=root:system_r:postfix_showq_t:s0 tclass=netlink_route_socket
> type=SYSCALL msg=audit(1190746203.204:2162): arch=40000003 syscall=102 success=no exit=-13 a0=1 a1=bfb679e4 a2=484ff4 a3=bfb67c61 items=0 ppid=9835 pid=9842 auid=0 uid=0 gid=89 euid=0 suid=0 fsuid=0 egid=89 sgid=89 fsgid=89 tty=(none) comm="showq" exe="/usr/libexec/postfix/showq" subj=root:system_r:postfix_showq_t:s0 key=(null)
> type=AVC msg=audit(1190746203.204:2163): avc: denied { name_connect } for pid=9842 comm="showq" dest=389 scontext=root:system_r:postfix_showq_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
> type=SYSCALL msg=audit(1190746203.204:2163): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfb67b10 a2=1251b18 a3=973d6a0 items=0 ppid=9835 pid=9842 auid=0 uid=0 gid=89 euid=0 suid=0 fsuid=0 egid=89 sgid=89 fsgid=89 tty=(none) comm="showq" exe="/usr/libexec/postfix/showq" subj=root:system_r:postfix_showq_t:s0 key=(null)
> type=AVC msg=audit(1190746203.204:2164): avc: denied { create } for pid=9842 comm="showq" scontext=root:system_r:postfix_showq_t:s0 tcontext=root:system_r:postfix_showq_t:s0 tclass=netlink_route_socket
> type=SYSCALL msg=audit(1190746203.204:2164): arch=40000003 syscall=102 success=no exit=-13 a0=1 a1=bfb679e4 a2=484ff4 a3=bfb67c61 items=0 ppid=9835 pid=9842 auid=0 uid=0 gid=89 euid=0 suid=0 fsuid=0 egid=89 sgid=89 fsgid=89 tty=(none) comm="showq" exe="/usr/libexec/postfix/showq" subj=root:system_r:postfix_showq_t:s0 key=(null)
> type=AVC msg=audit(1190746203.204:2165): avc: denied { name_connect } for pid=9842 comm="showq" dest=389 scontext=root:system_r:postfix_showq_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
> type=SYSCALL msg=audit(1190746203.204:2165): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfb67b10 a2=1251b18 a3=9755b90 items=0 ppid=9835 pid=9842 auid=0 uid=0 gid=89 euid=0 suid=0 fsuid=0 egid=89 sgid=89 fsgid=89 tty=(none) comm="showq" exe="/usr/libexec/postfix/showq" subj=root:system_r:postfix_showq_t:s0 key=(null)
> type=AVC msg=audit(1190746207.205:2166): avc: denied { create } for pid=9842 comm="showq" scontext=root:system_r:postfix_showq_t:s0 tcontext=root:system_r:postfix_showq_t:s0 tclass=netlink_route_socket
> type=SYSCALL msg=audit(1190746207.205:2166): arch=40000003 syscall=102 success=no exit=-13 a0=1 a1=bfb679e4 a2=484ff4 a3=bfb67c61 items=0 ppid=9835 pid=9842 auid=0 uid=0 gid=89 euid=0 suid=0 fsuid=0 egid=89 sgid=89 fsgid=89 tty=(none) comm="showq" exe="/usr/libexec/postfix/showq" subj=root:system_r:postfix_showq_t:s0 key=(null)
> type=AVC msg=audit(1190746207.205:2167): avc: denied { name_connect } for pid=9842 comm="showq" dest=389 scontext=root:system_r:postfix_showq_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
> type=SYSCALL msg=audit(1190746207.205:2167): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfb67b10 a2=1251b18 a3=973d660 items=0 ppid=9835 pid=9842 auid=0 uid=0 gid=89 euid=0 suid=0 fsuid=0 egid=89 sgid=89 fsgid=89 tty=(none) comm="showq" exe="/usr/libexec/postfix/showq" subj=root:system_r:postfix_showq_t:s0 key=(null)
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Please try the u1 policy, preview available on
http://people.redhat.com/dwalsh/SELinux/RHEL5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFG+VyBrlYvE4MpobMRAlfGAJwK0tgxzEHDk7R1WKWbjlzOpv0nLwCcCQ4D
+5SxtFt6x6M6EnmqqbIkHAY=
=F7NU
-----END PGP SIGNATURE-----
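
The repeated denials quoted in this thread reduce to two distinct accesses; the following is an added example, not part of the original messages, that parses AVC records and groups them by source type, target type and class. The helper names `summarize_denials` and `candidate_rules` are hypothetical, and the sample lines are constructed by unwrapping records from the quoted log. The output uses allow-rule syntax only to name the denied access for review.

```python
import re
from collections import defaultdict

# Constructed sample: AVC records from the quoted message with the mail
# client's line wrapping undone; the SYSCALL record is shortened.
SAMPLE = """\
type=AVC msg=audit(1190746203.204:2162): avc: denied { create } for pid=9842 comm="showq" scontext=root:system_r:postfix_showq_t:s0 tcontext=root:system_r:postfix_showq_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1190746203.204:2162): arch=40000003 syscall=102 success=no exit=-13
type=AVC msg=audit(1190746203.204:2163): avc: denied { name_connect } for pid=9842 comm="showq" dest=389 scontext=root:system_r:postfix_showq_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1190746207.205:2166): avc: denied { create } for pid=9842 comm="showq" scontext=root:system_r:postfix_showq_t:s0 tcontext=root:system_r:postfix_showq_t:s0 tclass=netlink_route_socket
"""

AVC_RE = re.compile(
    r"type=AVC .*?avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def summarize_denials(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:  # SYSCALL and other record types are skipped
            key = (context_type(m["s"]), context_type(m["t"]), m["cls"])
            denials[key].update(m["perms"].split())
    return dict(denials)

def candidate_rules(denials):
    """Render each denial group in SELinux allow-rule syntax, for review."""
    rules = []
    for (src, tgt, cls), perms in sorted(denials.items()):
        target = "self" if src == tgt else tgt
        perm_text = " ".join(sorted(perms))
        if len(perms) > 1:
            perm_text = "{ " + perm_text + " }"
        rules.append(f"allow {src} {target}:{cls} {perm_text};")
    return rules

if __name__ == "__main__":
    for rule in candidate_rules(summarize_denials(SAMPLE)):
        print(rule)
```

Read together with the maillog lines, the grouped result shows `showq` being denied the netlink route socket and the connection to port 389 that the nss_ldap lookup needs.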