Postfix, /root/.forward, SELinux, F9, Strange AVC

Hi All.

Well, I have scoured the docs and can't find anything that looks like the problem I am having here.

I have a .forward file in /root .. Mail to root should divert to my user account, but SELinux stops Postfix from doing so. If I set SELinux to permissive, then it works, but of course logs the same AVC. SETroubleshooter says to restorecon -R './root' ... ./root is a relative path ... so what does this mean? It doesn't work.

[root@admin ~]# restorecon -R -v './root'
restorecon:  stat error on ./root:  No such file or directory
[root@admin ~]#

.forward File Context:

[root@admin ~]# ls -Z /root/.forward
-rw-r--r--  root root unconfined_u:object_r:admin_home_t:s0 /root/.forward
[root@admin ~]#

Postfix Booleans:

getsebool -a | grep post
allow_postfix_local_write_mail_spool --> on
allow_user_postgresql_connect --> off
[root@admin ~]#

Raw Audit Messages :

host=admin.brianac.com.au type=AVC msg=audit(1219546087.579:2125): avc: denied { search } for pid=26716 comm="local" name="root" dev=dm-7 ino=63489 scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir

host=admin.brianac.com.au type=SYSCALL msg=audit(1219546087.579:2125): arch=40000003 syscall=196 success=no exit=-13 a0=b8079568 a1=bfe2b844 a2=7dfff4 a3=0 items=0 ppid=3274 pid=26716 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="local" exe="/usr/libexec/postfix/local" subj=system_u:system_r:postfix_local_t:s0 key=(null)

Output from Troubleshooter:

Summary

SELinux is preventing the local from using potentially mislabeled files (./root).

Detailed Description

SELinux has denied local access to potentially mislabeled file(s) (./root). This means that SELinux will not allow local to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access.

Allowing Access

If you want local to access this files, you need to relabel them using restorecon -v './root'. You might want to relabel the entire directory using restorecon -R -v './root'.

Additional Information

Source Context:  system_u:system_r:postfix_local_t:s0
Target Context:  system_u:object_r:admin_home_t:s0
Target Objects:  ./root [ dir ]
Source:  local
Source Path:  /usr/libexec/postfix/local
Port:  <Unknown>
Host:  admin.brianac.com.au
Source RPM Packages:  postfix-2.5.1-2.fc9
Target RPM Packages:  filesystem-2.4.13-1.fc9
Policy RPM:  selinux-policy-3.3.1-84.fc9
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  home_tmp_bad_labels
Host Name:  admin.brianac.com.au
Platform:  Linux admin.brianac.com.au 2.6.25.14-108.fc9.i686 #1 SMP Mon Aug

Troubleshooter says to restorecon for ./root. What is this? .. That is a relative path, not a full path.

Can anyone help decipher this AVC and provide a fix?

Cheers and Beers

Brian

--
Political Correctness is a doctrine, fostered by a delusional, illogical minority, and rabidly promoted by an unscrupulous mainstream media, which holds forth the proposition that it is entirely possible to pick up a turd by the clean end.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
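
Added example (not part of the original post): a small Python parser that breaks the AVC record quoted above into its fields, so the denied permission, the object class and the source and target types can be read off directly. The function names parse_avc and as_rule are chosen here for illustration.

```python
import re
from datetime import datetime, timezone

# The AVC record quoted in the post (host= prefix omitted).
AVC = ('type=AVC msg=audit(1219546087.579:2125): avc: denied { search } for '
       'pid=26716 comm="local" name="root" dev=dm-7 ino=63489 '
       'scontext=system_u:system_r:postfix_local_t:s0 '
       'tcontext=system_u:object_r:admin_home_t:s0 tclass=dir')

AVC_RE = re.compile(
    r'msg=audit\((?P<epoch>\d+)\.\d+:(?P<serial>\d+)\): avc:\s+'
    r'(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')

def parse_avc(line):
    """Split one AVC record into its fields; return None for non-AVC lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    # key=value pairs; quoted values lose their quotes.
    rec = {k: v.strip('"')
           for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', m['rest'])}
    rec['result'] = m['result']
    rec['perms'] = m['perms'].split()
    rec['serial'] = int(m['serial'])
    rec['time'] = datetime.fromtimestamp(int(m['epoch']), tz=timezone.utc)
    # A context is user:role:type:level; the type is what the
    # targeted policy bases its decision on.
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    return rec

def as_rule(rec):
    """Write the denied access in policy allow-rule syntax, for reading it."""
    perms = rec['perms']
    p = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"allow {rec['source_type']} {rec['target_type']}:{rec['tclass']} {p};"

if __name__ == "__main__":
    rec = parse_avc(AVC)
    print(rec['time'].isoformat(), rec['comm'], rec['result'], rec['perms'])
    # name= holds only the final path component (the SYSCALL record has
    # items=0, so there is no PATH record carrying a full path).
    print("object:", rec['tclass'], "named", rec['name'],
          "labelled", rec['target_type'])
    print(as_rule(rec))
```

Read this way, the record says that the Postfix local delivery agent (postfix_local_t) was denied search on a directory named root that is labelled admin_home_t.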
