squirrelmail / postfix mail lost policy 1.17.30-2.80

Daniel J Walsh dwalsh at redhat.com
Fri Feb 25 21:29:59 UTC 2005


Jeremy Ardley wrote:

> Daniel J Walsh wrote:
>
>> Ok I built  selinux-policy-targeted-1.17.30-2.85 on
>> ftp://people.redhat.com/dwalsh/SELinux/FC3
>>
>> Try that one out.
>
>
> rpm -Uvh selinux-policy-targeted-1.17.30-2.85.noarch.rpm
> restorecon -R -v /var/lib/squirrelmail /usr/sbin/sendmail.postfix 
> /var/spool
> restorecon -R -v /var/log
> setenforce 1


That is strange.  Could you do a
load_policy /etc/selinux/targeted/policy/policy.19

And then try.

The new rules should work.  You don't need to restorecon.

> Feb 26 05:01:03 mail kernel: audit(1109365263.017:0): avc:  denied  { 
> search } for  pid=12048 exe=/usr/sbin/sendmail.postfix name=postfix 
> dev=dm-0 ino=4032524 scontext=user_u:system_r:system_mail_t 
> tcontext=system_u:object_r:mail_spool_t tclass=dir
>
> Mail was delivered however
> then
>
> setenforce 0
>
> Feb 26 05:02:33 mail kernel: audit(1109365353.670:0): avc:  granted  { 
> setenforce } for  pid=12056 exe=/usr/bin/setenforce 
> scontext=root:system_r:unconfined_t 
> tcontext=system_u:object_r:security_t tclass=security
> Feb 26 05:02:58 mail kernel: audit(1109365378.602:0): avc:  denied  { 
> search } for  pid=12057 exe=/usr/sbin/sendmail.postfix name=postfix 
> dev=dm-0 ino=4032524 scontext=user_u:system_r:system_mail_t 
> tcontext=system_u:object_r:mail_spool_t tclass=dir
> Feb 26 05:02:58 mail kernel: audit(1109365378.628:0): avc:  denied  { 
> execute } for  pid=12058 exe=/usr/sbin/sendmail.postfix name=postdrop 
> dev=dm-0 ino=2961715 scontext=user_u:system_r:system_mail_t 
> tcontext=system_u:object_r:sbin_t tclass=file
> Feb 26 05:02:58 mail kernel: audit(1109365378.629:0): avc:  denied  { 
> execute_no_trans } for  pid=12058 exe=/usr/sbin/sendmail.postfix 
> path=/usr/sbin/postdrop dev=dm-0 ino=2961715 
> scontext=user_u:system_r:system_mail_t 
> tcontext=system_u:object_r:sbin_t tclass=file
> Feb 26 05:02:58 mail kernel: audit(1109365378.629:0): avc:  denied  { 
> read } for  pid=12058 exe=/usr/sbin/sendmail.postfix 
> path=/usr/sbin/postdrop dev=dm-0 ino=2961715 
> scontext=user_u:system_r:system_mail_t 
> tcontext=system_u:object_r:sbin_t tclass=file
> Feb 26 05:02:58 mail kernel: audit(1109365378.686:0): avc:  denied  { 
> write } for  pid=12058 exe=/usr/sbin/postdrop name=maildrop dev=dm-0 
> ino=4032533 scontext=user_u:system_r:system_mail_t 
> tcontext=system_u:object_r:mail_spool_t tclass=dir
> Feb 26 05:02:58 mail kernel: audit(1109365378.686:0): avc:  denied  { 
> add_name } for  pid=12058 exe=/usr/sbin/postdrop name=686987.12058 
> scontext=user_u:system_r:system_mail_t 
> tcontext=system_u:object_r:mail_spool_t tclass=dir
> Feb 26 05:02:58 mail kernel: audit(1109365378.686:0): avc:  denied  { 
> create } for  pid=12058 exe=/usr/sbin/postdrop name=686987.12058 
> scontext=user_u:system_r:system_mail_t 
> tcontext=user_u:object_r:mail_spool_t tclass=file
> Feb 26 05:02:58 mail kernel: audit(1109365378.711:0): avc:  denied  { 
> getattr } for  pid=12058 exe=/usr/sbin/postdrop 
> path=/var/spool/postfix/maildrop/686987.12058 dev=dm-0 ino=6340609 
> scontext=user_u:system_r:system_mail_t 
> tcontext=user_u:object_r:mail_spool_t tclass=file
> Feb 26 05:02:58 mail kernel: audit(1109365378.712:0): avc:  denied  { 
> remove_name } for  pid=12058 exe=/usr/sbin/postdrop name=686987.12058 
> dev=dm-0 ino=6340609 scontext=user_u:system_r:system_mail_t 
> tcontext=system_u:object_r:mail_spool_t tclass=dir
> Feb 26 05:02:58 mail kernel: audit(1109365378.712:0): avc:  denied  { 
> rename } for  pid=12058 exe=/usr/sbin/postdrop name=686987.12058 
> dev=dm-0 ino=6340609 scontext=user_u:system_r:system_mail_t 
> tcontext=user_u:object_r:mail_spool_t tclass=file
> Feb 26 05:02:58 mail kernel: audit(1109365378.714:0): avc:  denied  { 
> write } for  pid=12058 exe=/usr/sbin/postdrop 
> path=/var/spool/postfix/maildrop/ADE8760C001 dev=dm-0 ino=6340609 
> scontext=user_u:system_r:system_mail_t 
> tcontext=user_u:object_r:mail_spool_t tclass=file
> Feb 26 05:02:58 mail kernel: audit(1109365378.715:0): avc:  denied  { 
> setattr } for  pid=12058 exe=/usr/sbin/postdrop name=ADE8760C001 
> dev=dm-0 ino=6340609 scontext=user_u:system_r:system_mail_t 
> tcontext=user_u:object_r:mail_spool_t tclass=file
> Feb 26 05:02:58 mail kernel: audit(1109365378.733:0): avc:  denied  { 
> getattr } for  pid=12058 exe=/usr/sbin/postdrop 
> path=/var/spool/postfix/public/pickup dev=dm-0 ino=4032604 
> scontext=user_u:system_r:system_mail_t 
> tcontext=system_u:object_r:mail_spool_t tclass=fifo_file
> Feb 26 05:02:58 mail kernel: audit(1109365378.733:0): avc:  denied  { 
> write } for  pid=12058 exe=/usr/sbin/postdrop name=pickup dev=dm-0 
> ino=4032604 scontext=user_u:system_r:system_mail_t 
> tcontext=system_u:object_r:mail_spool_t tclass=fifo_file
>
> mail was delivered again
>
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
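
Added example, not part of the original message: a small Python parser that reads AVC records in the form they appear in this thread (still `> `-quoted and wrapped by the mail client) and groups the denied permissions by source type, target type and object class. The function names are illustrative, and the sample is four records copied from the quoted log above.

```python
import re
from collections import defaultdict

# Records copied from the quoted log in this thread, "> " prefixes and wrapping kept.
SAMPLE = """\
> Feb 26 05:02:33 mail kernel: audit(1109365353.670:0): avc:  granted  {
> setenforce } for  pid=12056 exe=/usr/bin/setenforce
> scontext=root:system_r:unconfined_t
> tcontext=system_u:object_r:security_t tclass=security
> Feb 26 05:02:58 mail kernel: audit(1109365378.602:0): avc:  denied  {
> search } for  pid=12057 exe=/usr/sbin/sendmail.postfix name=postfix
> dev=dm-0 ino=4032524 scontext=user_u:system_r:system_mail_t
> tcontext=system_u:object_r:mail_spool_t tclass=dir
> Feb 26 05:02:58 mail kernel: audit(1109365378.628:0): avc:  denied  {
> execute } for  pid=12058 exe=/usr/sbin/sendmail.postfix name=postdrop
> dev=dm-0 ino=2961715 scontext=user_u:system_r:system_mail_t
> tcontext=system_u:object_r:sbin_t tclass=file
> Feb 26 05:02:58 mail kernel: audit(1109365378.686:0): avc:  denied  {
> write } for  pid=12058 exe=/usr/sbin/postdrop name=maildrop dev=dm-0
> ino=4032533 scontext=user_u:system_r:system_mail_t
> tcontext=system_u:object_r:mail_spool_t tclass=dir
"""

AVC = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")

def parse_avc(text):
    """Yield (result, perms, fields) per AVC record, tolerating quoting and wrapping."""
    flat = " ".join(line.lstrip("> ").strip() for line in text.splitlines())
    for chunk in re.split(r"(?=audit\(\d+\.\d+:\d+\):)", flat):
        m = AVC.search(chunk)
        if m:
            yield m.group(1), m.group(2).split(), dict(re.findall(r"(\w+)=(\S+)", m.group(3)))

def summarize_denials(text):
    """Group denied permissions by (source type, target type, class)."""
    rules = defaultdict(set)
    for result, perms, f in parse_avc(text):
        if result == "denied" and {"scontext", "tcontext", "tclass"} <= f.keys():
            key = (f["scontext"].split(":")[2], f["tcontext"].split(":")[2], f["tclass"])
            rules[key].update(perms)
    return dict(rules)

def as_allow_rules(rules):
    """Render the summary in allow-rule syntax for review."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};" for (s, t, c), p in sorted(rules.items())]

if __name__ == "__main__":
    print("\n".join(as_allow_rules(summarize_denials(SAMPLE))))
```

The output is a review aid in the style of audit2allow, showing which access the system_mail_t domain was denied on each target type; the granted setenforce record is parsed but left out of the summary.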




