Request Tracker 3

Kanwar Ranbir Sandhu m3freak at rogers.com
Thu Feb 3 04:46:08 UTC 2005


I spoke too soon.  It's still not working.  For some reason I sent a few
emails, and there were no denials.  I waited a few minutes, and then
tried again, and lo and behold, the denials were back.

So, my other message was partially incorrect (the part about there not
being any denials when setting the mail command to "sendmail").  After
running "chcon -R -t mail_spool_t /var/spool/postfix", these were the
denials eventually reported (there are a few new ones):

avc:  denied  { search } for  pid=6845 exe=/usr/bin/perl name=postfix
dev=dm-5 ino=34833 scontext=user_u:system_r:httpd_sys_script_t
tcontext=system_u:object_r:mail_spool_t tclass=dir

avc:  denied  { getattr } for  pid=6847 exe=/usr/sbin/sendmail.postfix
path=socket:[17672] dev=sockfs ino=17672
scontext=root:system_r:system_mail_t tcontext=root:system_r:httpd_t
tclass=unix_stream_socket

avc:  denied  { search } for  pid=6847 exe=/usr/sbin/sendmail.postfix
name=postfix dev=dm-5 ino=34833 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir

avc:  denied  { execute } for  pid=6848 exe=/usr/sbin/sendmail.postfix
name=postdrop dev=dm-3 ino=276825 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:sbin_t tclass=file

avc:  denied  { execute_no_trans } for  pid=6848
exe=/usr/sbin/sendmail.postfix path=/usr/sbin/postdrop dev=dm-3
ino=276825 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:sbin_t tclass=file

avc:  denied  { read } for  pid=6848 exe=/usr/sbin/sendmail.postfix
path=/usr/sbin/postdrop dev=dm-3 ino=276825
scontext=root:system_r:system_mail_t tcontext=system_u:object_r:sbin_t
tclass=file

avc:  denied  { write } for  pid=6848 exe=/usr/sbin/postdrop
name=maildrop dev=dm-5 ino=34842 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir

avc:  denied  { add_name } for  pid=6848 exe=/usr/sbin/postdrop
name=964455.6848 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir

avc:  denied  { create } for  pid=6848 exe=/usr/sbin/postdrop
name=964455.6848 scontext=root:system_r:system_mail_t
tcontext=root:object_r:mail_spool_t tclass=file

avc:  denied  { getattr } for  pid=6848 exe=/usr/sbin/postdrop
path=/var/spool/postfix/maildrop/964455.6848 dev=dm-5 ino=34911
scontext=root:system_r:system_mail_t tcontext=root:object_r:mail_spool_t
tclass=file

avc:  denied  { remove_name } for  pid=6848 exe=/usr/sbin/postdrop
name=964455.6848 dev=dm-5 ino=34911 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir

avc:  denied  { rename } for  pid=6848 exe=/usr/sbin/postdrop
name=964455.6848 dev=dm-5 ino=34911 scontext=root:system_r:system_mail_t
tcontext=root:object_r:mail_spool_t tclass=file

avc:  denied  { write } for  pid=6848 exe=/usr/sbin/postdrop
path=/var/spool/postfix/maildrop/11B20885F dev=dm-5 ino=34911
scontext=root:system_r:system_mail_t tcontext=root:object_r:mail_spool_t
tclass=file

avc:  denied  { setattr } for  pid=6848 exe=/usr/sbin/postdrop
name=11B20885F dev=dm-5 ino=34911 scontext=root:system_r:system_mail_t
tcontext=root:object_r:mail_spool_t tclass=file

avc:  denied  { getattr } for  pid=6848 exe=/usr/sbin/postdrop
path=/var/spool/postfix/public/pickup dev=dm-5 ino=34827
scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=fifo_file

avc:  denied  { write } for  pid=6848 exe=/usr/sbin/postdrop name=pickup
dev=dm-5 ino=34827 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=fifo_file

HTH in finding a solution.

Regards,

Ranbir

-- 
Kanwar Ranbir Sandhu
Linux Consultant
Systems Aligned Inc.
www.systemsaligned.com
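
Added example, not part of the message above and not code from any SELinux tool: a Python script that rejoins mail-wrapped AVC denials like those listed and groups them by source type, target type and object class, so the distinct accesses being denied are easy to read. The function names `parse_avc` and `summarize` are assumptions of this example; the four sample records are copied from the message.

```python
import re
from collections import defaultdict

# Four denials copied from the message above, still wrapped as the mail client left them.
SAMPLE = """\
avc:  denied  { search } for  pid=6845 exe=/usr/bin/perl name=postfix
dev=dm-5 ino=34833 scontext=user_u:system_r:httpd_sys_script_t
tcontext=system_u:object_r:mail_spool_t tclass=dir

avc:  denied  { getattr } for  pid=6847 exe=/usr/sbin/sendmail.postfix
path=socket:[17672] dev=sockfs ino=17672
scontext=root:system_r:system_mail_t tcontext=root:system_r:httpd_t
tclass=unix_stream_socket

avc:  denied  { write } for  pid=6848 exe=/usr/sbin/postdrop
name=maildrop dev=dm-5 ino=34842 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir

avc:  denied  { add_name } for  pid=6848 exe=/usr/sbin/postdrop
name=964455.6848 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
"""

# One record runs from "avc: denied { perms } for" up to the next "avc:" or end of text.
AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*?)(?=avc:|\Z)", re.S)

def parse_avc(text):
    """Yield one dict per denial; key=value fields may span wrapped lines."""
    for perms, rest in AVC_RE.findall(text):
        kv = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
        if not {"scontext", "tcontext", "tclass"} <= kv.keys():
            continue  # truncated record: skip rather than guess
        yield {
            "perms": perms.split(),
            "stype": kv["scontext"].split(":")[2],  # user:role:type
            "ttype": kv["tcontext"].split(":")[2],
            "tclass": kv["tclass"],
        }

def summarize(text):
    """Group denials by (source type, target type, class) -> sorted permissions."""
    groups = defaultdict(set)
    for rec in parse_avc(text):
        groups[(rec["stype"], rec["ttype"], rec["tclass"])].update(rec["perms"])
    return {key: sorted(perms) for key, perms in groups.items()}

if __name__ == "__main__":
    for (stype, ttype, tclass), perms in sorted(summarize(SAMPLE).items()):
        print(f"{stype} -> {ttype}:{tclass} {{ {' '.join(perms)} }}")
```

The grouped output only shows which accesses were requested; whether each one should be permitted is a separate policy decision.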




More information about the fedora-selinux-list mailing list