I'm using Fedora 20 and CentOS 7 and have tried several places to place keytab files for Postfix. Each time I'm getting a denied message:
type=AVC msg=audit(1419366895.530:491753): avc: denied { search } for pid=28412 comm="lmtp" name="postfix" dev="xvda1" ino=1223493 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:postfix_data_t:s0 tclass=dir
type=SYSCALL msg=audit(1419366895.530:491753): arch=c000003e syscall=4 success=no exit=-13 a0=7f347b8377f0 a1=7fffa6f23670 a2=7fffa6f23670 a3=7fffa6f23540 items=0 ppid=28406 pid=28412 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="lmtp" exe="/usr/libexec/postfix/lmtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
I see on the postfix_selinux man page that there is a postfix_keytab_t type, however, even if I use this, postfix is not able to read the credential file. Has anyone gotten this to work?
Steve
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
