SeLinux and mail relaying

redhatdude at bellsouth.net
Mon Jul 10 16:38:35 UTC 2006


>
> On Jul 10, 2006, at 3:49 AM, Paul Howarth wrote:
>
>> On Fri, 2006-07-07 at 16:34 -0400, redhatdude at bellsouth.net wrote:
>>> Hi,
>>> While trying to set up a mail cgi script, I discovered that Selinux
>>> is not allowing relaying mail from anything but postfix. I realized
>>> this when I turned off selinux and I started getting the result of
>>> cron jobs and other similar system emails.
>>> So my question is, how can I make selinux allow programs other than
>>> postfix and cyrus to relay emails?
>>
>> Can you post the AVC messages you are getting when mail from cron is
>> being blocked by SELinux?
>>
>> Paul.
>>
>
Hi,
Here it is.
Thanks for your help.
EJ

type=AVC_PATH msg=audit(1152547081.207:3467):  path="/var/lib/imap/socket/lmtp"
type=SOCKADDR msg=audit(1152547081.207:3467):  
saddr=01002F7661722F6C69622F696D61702F736F636B65742F6C6D7470000000000000 
000000000000000000000000000000000000000000000000000000000000000000000000 
000000000000000000000000000000000000000000000000000000000000000000000000 
0000000000
type=SOCKETCALL msg=audit(1152547081.207:3467): nargs=3 a0=b a1=bfc966ec a2=6e
type=PATH msg=audit(1152547081.207:3467): item=0 name=(null) inode=8585327 dev=fd:00 mode=0140777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cyrus_var_lib_t:s0
type=AVC msg=audit(1152547081.303:3468): avc:  denied  { connectto } for  pid=31220 comm="lmtp" name="lmtp" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1152547081.303:3468): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bffc5900 a2=f8e430 a3=f90c24 items=1 pid=31220 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) comm="lmtp" exe="/usr/libexec/postfix/lmtp" subj=system_u:system_r:postfix_master_t:s0
type=AVC_PATH msg=audit(1152547081.303:3468):  path="/var/lib/imap/socket/lmtp"
type=SOCKADDR msg=audit(1152547081.303:3468):  
saddr=01002F7661722F6C69622F696D61702F736F636B65742F6C6D7470000000000000 
000000000000000000000000000000000000000000000000000000000000000000000000 
000000000000000000000000000000000000000000000000000000000000000000000000 
0000000000
type=SOCKETCALL msg=audit(1152547081.303:3468): nargs=3 a0=b a1=bffc5a1c a2=6e
type=PATH msg=audit(1152547081.303:3468): item=0 name=(null) inode=8585327 dev=fd:00 mode=0140777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cyrus_var_lib_t:s0

This is the message I get when I try to run a mail form cgi script,  
which is why I realized that I was having problems with my system  
sending mail.

type=AVC msg=audit(1152547494.882:3475): avc:  denied  { getattr } for  pid=31270 comm="postdrop" name="[165322]" dev=pipefs ino=165322 scontext=user_u:system_r:postfix_postdrop_t:s0 tcontext=user_u:system_r:httpd_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1152547494.882:3475): arch=40000003 syscall=197 success=no exit=-13 a0=2 a1=bfa6d7c0 a2=50aff4 a3=3 items=0 pid=31270 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=90 sgid=90 fsgid=90 tty=(none) comm="postdrop" exe="/usr/sbin/postdrop" subj=user_u:system_r:postfix_postdrop_t:s0
type=AVC_PATH msg=audit(1152547494.882:3475):  path="pipe:[165322]"
type=AVC msg=audit(1152547495.010:3476): avc:  denied  { connectto } for  pid=31274 comm="lmtp" name="lmtp" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1152547495.010:3476): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bffb50f0 a2=4b1430 a3=4b3c24 items=1 pid=31274 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) comm="lmtp" exe="/usr/libexec/postfix/lmtp" subj=system_u:system_r:postfix_master_t:s0
type=AVC_PATH msg=audit(1152547495.010:3476):  path="/var/lib/imap/socket/lmtp"
type=SOCKADDR msg=audit(1152547495.010:3476):  
saddr=01002F7661722F6C69622F696D61702F736F636B65742F6C6D7470000000000000 
000000000000000000000000000000000000000000000000000000000000000000000000 
000000000000000000000000000000000000000000000000000000000000000000000000 
0000000000
type=SOCKETCALL msg=audit(1152547495.010:3476): nargs=3 a0=b a1=bffb520c a2=6e
type=PATH msg=audit(1152547495.010:3476): item=0 name=(null) inode=8585327 dev=fd:00 mode=0140777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cyrus_var_lib_t:s0
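
An added example, not part of the original post and not code from the SELinux or audit projects: a Python sketch that reads audit records of the kind pasted above, pairs each AVC denial with the SOCKADDR record of the same event id, and decodes the hex saddr into the socket path. The names summarize and decode_unix_saddr are hypothetical, and the sample input is constructed from the records in the post with wrapping removed and the zero padding shortened.

```python
import re

# Constructed sample: records in the format quoted in the post, with the mail
# client's line wrapping removed and the sockaddr zero padding shortened.
SAMPLE = (
    'type=AVC msg=audit(1152547081.303:3468): avc:  denied  { connectto } for  pid=31220 '
    'comm="lmtp" name="lmtp" scontext=system_u:system_r:postfix_master_t:s0 '
    'tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket\n'
    'type=SOCKADDR msg=audit(1152547081.303:3468): '
    'saddr=01002F7661722F6C69622F696D61702F736F636B65742F6C6D74700000\n'
    'type=AVC msg=audit(1152547494.882:3475): avc:  denied  { getattr } for  pid=31270 '
    'comm="postdrop" name="[165322]" dev=pipefs ino=165322 scontext=user_u:system_r:postfix_postdrop_t:s0 '
    'tcontext=user_u:system_r:httpd_t:s0 tclass=fifo_file\n'
)

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<id>[\d.]+:\d+)\): avc:\s+denied\s+\{(?P<perms>[^}]+)\}'
    r'.*?comm="(?P<comm>[^"]+)".*?scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)'
    r'\s+tclass=(?P<tclass>\S+)')
SADDR_RE = re.compile(
    r'type=SOCKADDR msg=audit\((?P<id>[\d.]+:\d+)\):\s+saddr=(?P<hex>(?:[0-9A-Fa-f]{2})+)')

def decode_unix_saddr(hexstr):
    """Return the socket path from an AF_UNIX sockaddr hex dump, else None."""
    raw = bytes.fromhex(hexstr)
    # sa_family is a 16-bit field; on the little-endian host in the post
    # (arch=40000003, i386) AF_UNIX (1) is dumped as 0100.
    if len(raw) < 3 or int.from_bytes(raw[:2], "little") != 1:
        return None
    return raw[2:].split(b"\x00", 1)[0].decode("utf-8", "replace")

def summarize(log_text):
    """One dict per AVC denial, joined to its SOCKADDR record by audit event id."""
    paths = {m["id"]: decode_unix_saddr(m["hex"]) for m in SADDR_RE.finditer(log_text)}
    denials = []
    for m in AVC_RE.finditer(log_text):
        src, tgt = (ctx.split(":")[2] for ctx in (m["scon"], m["tcon"]))
        perms = m["perms"].split()
        denials.append({
            "event": m["id"], "comm": m["comm"], "source": src, "target": tgt,
            "class": m["tclass"], "perms": perms, "socket": paths.get(m["id"]),
            # The type-enforcement rule this denial corresponds to, for review only.
            "rule": f"allow {src} {tgt}:{m['tclass']} {{ {' '.join(perms)} }};",
        })
    return denials

if __name__ == "__main__":
    for d in summarize(SAMPLE):
        print(d["event"], d["comm"], d["rule"], d["socket"] or "")
```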




More information about the fedora-selinux-list mailing list