postfix, procmail and SELinux - No Go
Marc Schwartz (via MN)
mschwartz at mn.rr.com
Wed Jun 21 16:33:20 UTC 2006
On Wed, 2006-06-21 at 16:53 +0100, Paul Howarth wrote:
> Marc Schwartz (via MN) wrote:
> >
<snip>
> >
> > The current modules then are:
> >
> > # semodule -l
> > amavis 1.0.4
> > clamav 1.0.1
> > myclamscan 0.2.0
> > mydcc 0.1.3
> > mypyzor 0.2.1
> > procmail 0.5.3
> > pyzor 1.0.1
> >
> >
> > No msgs are being reported by avclist subsequent to the above changes.
> > Specifically nothing wrt the postfix manpage weirdness.
> >
> > All else appears to be OK so far.
>
> Can you try restarting postfix? I think the manpage thing happened at
> that point.
Interesting. Recalling that, I had re-booted before my reply above and
had no msgs. However doing a service restart post-boot using
system-config-services, I get:
type=AVC msg=audit(1150906621.693:641): avc: denied { read } for pid=12784 comm="postfix" name=".fonts.cache-2" dev=hdc7 ino=427877 scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1150906621.693:641): arch=40000003 syscall=11 success=yes exit=0 a0=9e14f80 a1=9dfb478 a2=9e14f98 a3=9e14e68 items=2 pid=12784 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="postfix" exe="/usr/sbin/postfix"
type=AVC_PATH msg=audit(1150906621.693:641): path="/root/.rh-fontconfig/.fonts.cache-2"
type=CWD msg=audit(1150906621.693:641): cwd="/"
type=PATH msg=audit(1150906621.693:641): item=0 name="/usr/sbin/postfix" flags=101 inode=3132499 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1150906621.693:641): item=1 flags=101 inode=754491 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1150906621.829:642): avc: denied { read } for pid=12796 comm="postfix" name=".fonts.cache-2" dev=hdc7 ino=427877 scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1150906621.829:642): arch=40000003 syscall=11 success=yes exit=0 a0=9e15318 a1=9e00e50 a2=9e14f98 a3=9e14d00 items=2 pid=12796 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="postfix" exe="/usr/sbin/postfix"
type=AVC_PATH msg=audit(1150906621.829:642): path="/root/.rh-fontconfig/.fonts.cache-2"
type=CWD msg=audit(1150906621.829:642): cwd="/"
type=PATH msg=audit(1150906621.829:642): item=0 name="/usr/sbin/postfix" flags=101 inode=3132499 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1150906621.829:642): item=1 flags=101 inode=754491 dev=16:07 mode=0100755 ouid=0 ogid=0 rdev=00:00
Which seems to not involve the man pages, but font caches for some
reason.
If I just use '/usr/sbin/postfix stop' followed by '... start', I get no
msgs at all, which is consistent with a fresh boot.
> Once that's done I'd like to try out the dcc and razor modules that are
> now in rawhide. That will involve going back to permissive mode for a
> while though.
No problem.
Marc
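
The audit output quoted in this message spreads each denial over several records (AVC, SYSCALL, AVC_PATH, CWD, PATH) that share one `audit(timestamp:serial)` id. The following added example, which is not part of the original thread, correlates those records so each denial is read with its full path and executable. The function names `parse_events` and `summarize` are this example's own, and the sample input is taken from the two events above with the SYSCALL lines abridged and the CWD/PATH records omitted.

```python
import re
from collections import Counter, defaultdict

# Sample input: the two events from the post (SYSCALL abridged, CWD/PATH omitted).
SAMPLE = """\
type=AVC msg=audit(1150906621.693:641): avc: denied { read } for pid=12784 comm="postfix" name=".fonts.cache-2" dev=hdc7 ino=427877 scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1150906621.693:641): arch=40000003 syscall=11 success=yes exit=0 pid=12784 auid=500 uid=0 comm="postfix" exe="/usr/sbin/postfix"
type=AVC_PATH msg=audit(1150906621.693:641): path="/root/.rh-fontconfig/.fonts.cache-2"
type=AVC msg=audit(1150906621.829:642): avc: denied { read } for pid=12796 comm="postfix" name=".fonts.cache-2" dev=hdc7 ino=427877 scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1150906621.829:642): arch=40000003 syscall=11 success=yes exit=0 pid=12796 auid=500 uid=0 comm="postfix" exe="/usr/sbin/postfix"
type=AVC_PATH msg=audit(1150906621.829:642): path="/root/.rh-fontconfig/.fonts.cache-2"
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
DENIED = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group records by audit event id (timestamp, serial); one event spans several lines."""
    events = defaultdict(lambda: {"AVC": [], "other": {}})
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == "AVC":
            perms = DENIED.search(body)
            if perms:  # ignore "granted" records
                fields["perms"] = " ".join(perms.group(1).split())
                events[(ts, serial)]["AVC"].append(fields)
        else:
            # Keep the first record of each type (e.g. PATH item=0).
            events[(ts, serial)]["other"].setdefault(rtype, fields)
    return events

def summarize(text):
    """Count unique denials as (source type, target type, class, perms, path, exe)."""
    counts = Counter()
    for ev in parse_events(text).values():
        other = ev["other"]
        for avc in ev["AVC"]:
            counts[(avc["scontext"].split(":")[2], avc["tcontext"].split(":")[2],
                    avc["tclass"], avc["perms"],
                    other.get("AVC_PATH", {}).get("path", avc.get("name", "?")),
                    other.get("SYSCALL", {}).get("exe", "?"))] += 1
    return counts

print(summarize(SAMPLE))
```

Both events collapse to a single row: `postfix_master_t` denied `read` on a `user_home_t` file at `/root/.rh-fontconfig/.fonts.cache-2`, seen twice.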