squirrelmail / postfix mail lost policy 1.17.30-2.80
Daniel J Walsh
dwalsh at redhat.com
Thu Feb 24 20:15:17 UTC 2005
Jeremy Ardley wrote:
> Daniel J Walsh wrote:
>
>> Jeremy Ardley wrote:
>>
>>> When I check the messages log I see the following avc entries
>>>
>>> Feb 24 17:14:46 mail kernel: audit(1109236486.039:0): avc: denied
>>> { read append } for pid=7589 exe=/bin/bash
>>> path=/var/lib/squirrelmail/prefs/jeremy.abook dev=dm-0 ino=6438914
>>> scontext=user_u:system_r:httpd_sys_script_t t
>>> context=root:object_r:httpd_var_lib_t tclass=file
>>> Feb 24 17:14:46 mail kernel: audit(1109236486.128:0): avc: denied
>>> { create } for pid=7589 exe=/usr/sbin/sendmail.postfix
>>> scontext=user_u:system_r:httpd_sys_script_t
>>> tcontext=user_u:system_r:httpd_sys_script_t tclass=unix_ dgram_socket
>>> Feb 24 17:14:46 mail kernel: audit(1109236486.136:0): avc: denied
>>> { search } for pid=7589 exe=/usr/sbin/sendmail.postfix name=spool
>>> dev=dm-0 ino=4030501 scontext=user_u:system_r:httpd_sys_script_t
>>> tcontext=system_u:object _r:var_spool_t tclass=dir
>>> Feb 24 17:14:46 mail kernel: audit(1109236486.137:0): avc: denied
>>> { create } for pid=7589 exe=/usr/sbin/sendmail.postfix
>>> scontext=user_u:system_r:httpd_sys_script_t
>>> tcontext=user_u:system_r:httpd_sys_script_t tclass=unix_ dgram_socket
>>>
>>> I have seen previous correspondence regarding similar faults but
>>> nothing I have tried has improved things. Is there a definitive fix
>>> I can apply?
>>
>>
>>
>> restorecon -R -v /usr/lib/squirrelmail /usr/sbin/sendmail.postfix
>> /var/spool
>>
>> Should help.
>>
> I had to change the command to
>
> restorecon -R -v /var/lib/squirrelmail /usr/sbin/sendmail.postfix
> /var/spool
>
> However I still get errors - though different ones - and the mail is
> still dropped
>
> Feb 25 03:30:47 mail kernel: audit(1109273447.864:0): avc: denied {
> create } for pid=8704 exe=/usr/sbin/sendmail.postfix
> scontext=user_u:system_r:httpd_sys_script_t
> tcontext=user_u:system_r:httpd_sys_script_t tclass=unix_dgram_socket
> Feb 25 03:30:47 mail kernel: audit(1109273447.878:0): avc: denied {
> search } for pid=8704 exe=/usr/sbin/sendmail.postfix name=spool
> dev=dm-0 ino=4030501 scontext=user_u:system_r:httpd_sys_script_t
> tcontext=system_u:object_r:var_spool_t tclass=dir
> Feb 25 03:30:47 mail kernel: audit(1109273447.880:0): avc: denied {
> create } for pid=8704 exe=/usr/sbin/sendmail.postfix
> scontext=user_u:system_r:httpd_sys_script_t
> tcontext=user_u:system_r:httpd_sys_script_t tclass=unix_dgram_socket
>
Could you try the selinux-policy-targeted-1.17.30-2.84 on
ftp://people.redhat.com/dwalsh/SELinux/FC3
Your /usr/sbin/sendmail.postfix has the wrong context on it. It should
be running as sendmail_exec_t
and
/var/spool/postfix should be system_u:object_r:mail_spool_t
Dan
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
More information about the fedora-selinux-list
mailing list