Dominick Grift wrote:
> On Tue, 2009-02-17 at 14:27 +0200, Manuel Wolfshant wrote:
>> My questions are
>> a) why does postfix create the initial home directories with a wrong
>> context? Note this only happens for NEW users, messages for the users
>> which already existed [and have correct context] on the old system are
>> perfectly fine.
> I think it has to do with the way genhomedircon works. Since postfix is
> the owner and is a system account. I am not sure. Hopefully someone else
> can shed some light on this.
>> b) what can I do to fix?
> I think that restorecond should fix this. Is it running? and is /home
> added to restorecond.conf?
restorecond was (and is) running. /home was not included in restorecond.conf, but even after adding it (and reload/restart /etc/init.d/restorecond) there is no change.

As additional info, /var/log/messages has:
Feb 17 15:30:12 imap2 setroubleshoot: SELinux is preventing virtual (postfix_virtual_t) "write" to /home/gigi.test@xxxxxxxxxxxxxxxxxx/tmp/1234877410.P4488.imap2 (home_root_t). For complete SELinux messages. run sealert -l 0bc7c6e1-96d8-4f59-bcac-a11fbc699e2a
Feb 17 15:30:12 imap2 setroubleshoot: SELinux is preventing virtual (postfix_virtual_t) "remove_name" to ./1234877410.P4488.imap2 (home_root_t). For complete SELinux messages. run sealert -l 51b63565-8a4d-494e-808b-d235cbdd5683
Feb 17 15:30:12 imap2 setroubleshoot: SELinux is preventing virtual (postfix_virtual_t) "write" to ./1234877410.P4488.imap2 (home_root_t). For complete SELinux messages. run sealert -l 54d85276-b21c-4753-9937-afb48373c326
Not surprisingly, sealert -l gives "SELinux is preventing virtual (postfix_virtual_t) "write" to /home/gigi.test@xxxxxxxxxxxxxxxxxx/tmp/1234877410.P4488.imap2 (home_root_t)."
Additional Information:

Source Context                root:system_r:postfix_virtual_t
Target Context                root:object_r:home_root_t
Target Objects                /home/gigi.test@xxxxxxxxxxxxxxxxxx/tmp/1234877410.
                              P4488.imap2 [ file ]
Source                        virtual
Source Path                   /usr/libexec/postfix/virtual
Port                          <Unknown>
Host                          imap2
Source RPM Packages           postfix-2.3.3-2.1.centos.mysql_pgsql
Target RPM Packages
Policy RPM                    selinux-policy-2.4.6-203.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     imap2
Platform                      Linux imap2 2.6.18-92.1.22.el5xen #1 SMP Tue Dec
                              16 12:26:32 EST 2008 x86_64 x86_64
Alert Count                   1
First Seen                    Tue Feb 17 15:30:10 2009
Last Seen                     Tue Feb 17 15:30:10 2009
Local ID                      0bc7c6e1-96d8-4f59-bcac-a11fbc699e2a
Line Numbers

Raw Audit Messages
host=imap2 type=AVC msg=audit(1234877410.37:45680): avc: denied { write } for pid=4488 comm="virtual" path="/home/gigi.test@xxxxxxxxxxxxxxxxxx/tmp/1234877410.P4488.imap2" dev=hda1 ino=29982723 scontext=root:system_r:postfix_virtual_t:s0 tcontext=root:object_r:home_root_t:s0 tclass=file
host=imap2 type=SYSCALL msg=audit(1234877410.37:45680): arch=c000003e syscall=1 success=no exit=-13 a0=c a1=2b06b8c9f520 a2=1b5 a3=7228206f722e676e items=0 ppid=26787 pid=4488 auid=0 uid=0 gid=0 euid=89 suid=0 fsuid=89 egid=89 sgid=0 fsgid=89 tty=(none) ses=7290 comm="virtual" exe="/usr/libexec/postfix/virtual" subj=root:system_r:postfix_virtual_t:s0 key=(null)
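
A way to triage denials like the one quoted above, as an added example that is not part of the original message: it parses raw AVC records and lists the per-user directories under /home whose contents still carry `home_root_t`, the type the targeted policy gives to /home itself. The function names, the `/home/<dir>` pattern and the second and third sample records are assumptions constructed for the illustration.

```python
import re

# First record is the AVC line quoted in the message; the other two are
# constructed (a denial on a different target type, and a non-AVC record).
SAMPLE = [
    'host=imap2 type=AVC msg=audit(1234877410.37:45680): avc: denied { write } for pid=4488 comm="virtual" path="/home/gigi.test@xxxxxxxxxxxxxxxxxx/tmp/1234877410.P4488.imap2" dev=hda1 ino=29982723 scontext=root:system_r:postfix_virtual_t:s0 tcontext=root:object_r:home_root_t:s0 tclass=file',
    'host=imap2 type=AVC msg=audit(1234877500.10:45700): avc: denied { write } for pid=4501 comm="virtual" path="/home/olduser/tmp/x" dev=hda1 ino=42 scontext=root:system_r:postfix_virtual_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file',
    'host=imap2 type=SYSCALL msg=audit(1234877410.37:45680): arch=c000003e syscall=1 success=no exit=-13',
]

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')            # key=value or key="quoted value"
PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')  # permission list inside { }
HOME_CHILD = re.compile(r'^(/home/[^/]+)/.+')       # an object below /home/<dir>


def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record."""
    m = PERMS.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV.findall(line)}
    rec["perms"] = m.group(1).split()
    # A context is user:role:type[:level]; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec


def mislabeled_homes(lines, parent_type="home_root_t"):
    """Map each /home/<dir> to the permissions denied on objects below it
    that are labeled with the type of /home itself."""
    hits = {}
    for line in lines:
        rec = parse_avc(line)
        if rec is None or rec["ttype"] != parent_type:
            continue
        m = HOME_CHILD.match(rec.get("path", ""))
        if m:
            hits.setdefault(m.group(1), set()).update(rec["perms"])
    return hits


if __name__ == "__main__":
    for home, perms in sorted(mislabeled_homes(SAMPLE).items()):
        print(home, "denied:", ",".join(sorted(perms)))
```

Each directory it reports is a candidate for checking with `ls -Zd` and relabeling with `restorecon -R`.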