postfix, procmail and SELinux - No Go

Marc Schwartz (via MN) mschwartz at mn.rr.com
Wed Jun 28 19:22:07 UTC 2006


On Wed, 2006-06-28 at 15:08 +0100, Paul Howarth wrote:
> On Tue, 2006-06-27 at 12:34 -0500, Marc Schwartz (via MN) wrote:

<snip old avc's>

> > One thing to note here. I am on the new kernel: 2.6.17-1.2139_FC5
> > 
> > There have been some flaky things going on with networking as you may
> > have noted on the general FC list, just in case any of that is relevant
> > here. I have not installed the new (updates testing) initscripts as of
> > yet, as I am still trying to get a sense of where things stand. I have
> > seen some issues with network configs and device labelling issues,
> > including wireless instability (using the bcm43xx driver) which was
> > working under the former kernel with ndiswrapper. FWIW.
> 
> I don't think that any of the above AVCs are related to this.

OK. Wanted to make note of it, just in case.

<snip new policies>

# semodule -l
amavis  1.0.4
clamav  1.0.1
dcc     1.0.0
myclamav        0.1.4
mydcc   0.1.8
mypostfix       0.1.0
mypyzor 0.2.3
myspamassassin  0.1.1
procmail        0.5.4
pyzor   1.0.1
razor   1.0.0


New avc's:

type=AVC msg=audit(1151521329.964:1158): avc:  denied  { search } for  pid=5442 comm="local" name="clamav" dev=dm-1 ino=44957 scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:clamd_var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1151521329.964:1158): arch=40000003 syscall=196 success=no exit=-2 a0=939f848 a1=bffd2e80 a2=721ff4 a3=3 items=1 pid=5442 auid=4294967295 uid=0 gid=0 euid=100 suid=0 fsuid=100 egid=101 sgid=0 fsgid=101 tty=(none) comm="local" exe="/usr/libexec/postfix/local" subj=system_u:system_r:postfix_local_t:s0
type=CWD msg=audit(1151521329.964:1158):  cwd="/var/spool/postfix"
type=PATH msg=audit(1151521329.964:1158): item=0 name="/var/lib/clamav/.forward" obj=system_u:object_r:etc_t:s0
type=AVC msg=audit(1151521329.988:1159): avc:  denied  { search } for  pid=5449 comm="procmail" name="clamav" dev=dm-1 ino=44957 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:clamd_var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1151521329.988:1159): arch=40000003 syscall=195 success=no exit=-2 a0=8dd0d60 a1=bfe27a6c a2=4891eff4 a3=0 items=1 pid=5449 auid=4294967295 uid=100 gid=101 euid=100 suid=100 fsuid=100 egid=101 sgid=101 fsgid=101 tty=(none) comm="procmail" exe="/usr/bin/procmail" subj=system_u:system_r:procmail_t:s0
type=CWD msg=audit(1151521329.988:1159):  cwd="/var/spool/postfix"


Getting better.  :-)

Thanks,

Marc
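
An added example, not part of the original post: a small Python parser that groups audit records like the ones above by event serial and reports, for each AVC denial, the source domain, target type, class, permissions and any PATH/CWD record from the same event. The function names and output layout are assumptions of this example, and the sample input is copied from the post with the SYSCALL records and the first CWD record omitted.

```python
import re
from collections import defaultdict
# Records copied from the post above; SYSCALL records and the first CWD omitted.
SAMPLE = '''\
type=AVC msg=audit(1151521329.964:1158): avc:  denied  { search } for  pid=5442 comm="local" name="clamav" dev=dm-1 ino=44957 scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:clamd_var_lib_t:s0 tclass=dir
type=PATH msg=audit(1151521329.964:1158): item=0 name="/var/lib/clamav/.forward" obj=system_u:object_r:etc_t:s0
type=AVC msg=audit(1151521329.988:1159): avc:  denied  { search } for  pid=5449 comm="procmail" name="clamav" dev=dm-1 ino=44957 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:clamd_var_lib_t:s0 tclass=dir
type=CWD msg=audit(1151521329.988:1159):  cwd="/var/spool/postfix"
'''

HEADER = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$')
AVC = re.compile(r'avc:\s+denied\s+\{ ([^}]*)\} for\s+(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def fields(text):
    """Turn key=value / key="value" pairs into a dict, stripping quotes."""
    return {k: v.strip('"') for k, v in FIELD.findall(text)}

def summarize(log):
    """Group records by event serial and return one summary per AVC denial."""
    events = defaultdict(lambda: {"avc": [], "paths": [], "cwd": None})
    for line in log.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # skip blank or non-audit lines
        rtype, _ts, serial, body = m.groups()
        ev = events[int(serial)]
        if rtype == "AVC" and (a := AVC.search(body)):
            ev["avc"].append((a.group(1).split(), fields(a.group(2))))
        elif rtype == "PATH":
            ev["paths"].append(fields(body).get("name"))
        elif rtype == "CWD":
            ev["cwd"] = fields(body).get("cwd")
    out = []
    for serial, ev in sorted(events.items()):
        for perms, f in ev["avc"]:
            out.append({
                "serial": serial, "comm": f.get("comm"), "perms": perms,
                # SELinux contexts are user:role:type:level; the type is field 3.
                "source": f["scontext"].split(":")[2],
                "target": f["tcontext"].split(":")[2],
                "tclass": f.get("tclass"),
                "paths": ev["paths"], "cwd": ev["cwd"],
            })
    return out

if __name__ == "__main__":
    for d in summarize(SAMPLE):
        print(d)
```

Pairing each denial with the PATH record from the same event shows which file the process was trying to reach, here `/var/lib/clamav/.forward` for the postfix local delivery agent.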




