postfix and selinux - newbie
John Esquivel
johne7 at cableone.net
Mon Sep 26 15:32:51 UTC 2005
John Esquivel wrote:
> My yum service recently updated selinux policy which I believe broke
> my postfix service. I was guessing that selinux does not like me
> using a non-standard port for postfix stmp, but then again I am a newbie.
> Is there a way to disable just the postfix part of selinux? I have
> done this for samba by using the security level gui, but postfix isn't
> listed in the gui. For now I can set selinux to permissive then
> restart postfix (using the service config gui), then change selinux
> back to enforced. This works but this machine gets rebooted weekly
> and then postfix fails, also I don't want to leave selinux off
> completely. I am running fc4, postfix, amavisd, clamav, and spamassasin.
> -JohnE
>
> $ egrep 'fatal:' /var/log/maillog
> Sep 25 15:06:22 lin3test postfix/master[6967]: fatal: bind
> 192.168.1.11 port 10050: Permission denied
> Sep 25 15:06:23 lin3test postfix/postfix-script: fatal: the Postfix
> mail system is not running
>
> Log report:
>
> /etc/cron.daily/0check4updates:
> Updated Packages
> selinux-policy-targeted.noarch 1.27.1-2.1
> updates squid.i386
> 7:2.5.STABLE11-1.FC4 updates
> xinitrc.noarch 4.0.18.1-1
> updates /etc/cron.daily/yum.cron:
> /sbin/restorecon reset /etc/postfix context
> system_u:object_r:etc_t->system_u:object_r:postfix_etc_t
> /sbin/restorecon reset /etc/postfix/postfix-script context
> system_u:object_r:etc_t->system_u:object_r:postfix_exec_t
> ..
Nevermind,
I Just saw the previous thread about this, to use audit2allow.
-Johne
More information about the fedora-list
mailing list