postfix ldap selinux (centos5)

Harry Hoffman hhoffman at ip-solutions.net
Tue Sep 25 18:59:38 UTC 2007


My apologies if this is the wrong list and there is a rhel/centos 
specific selinux list...

Trying to run postfix-2.2.3 on centos5. I'm using LDAP for maps and 
authentication.

Every time I run postqueue -p (to show the mail queue) the command times out.

The following messages are logged in /var/log/maillog:
Sep 25 14:50:03 mail1 postfix/showq[9842]: nss_ldap: failed to bind to LDAP server ldap://localhost/: Can't contact LDAP server
Sep 25 14:50:03 mail1 postfix/showq[9842]: nss_ldap: failed to bind to LDAP server ldap://localhost/: Can't contact LDAP server
Sep 25 14:50:03 mail1 postfix/showq[9842]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Sep 25 14:50:07 mail1 postfix/showq[9842]: nss_ldap: failed to bind to LDAP server ldap://localhost/: Can't contact LDAP server


The following AVCs show up in /var/log/audit/audit.log:

type=AVC msg=audit(1190746203.204:2162): avc:  denied  { create } for  pid=9842 comm="showq" scontext=root:system_r:postfix_showq_t:s0 tcontext=root:system_r:postfix_showq_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1190746203.204:2162): arch=40000003 syscall=102 success=no exit=-13 a0=1 a1=bfb679e4 a2=484ff4 a3=bfb67c61 items=0 ppid=9835 pid=9842 auid=0 uid=0 gid=89 euid=0 suid=0 fsuid=0 egid=89 sgid=89 fsgid=89 tty=(none) comm="showq" exe="/usr/libexec/postfix/showq" subj=root:system_r:postfix_showq_t:s0 key=(null)
type=AVC msg=audit(1190746203.204:2163): avc:  denied  { name_connect } for  pid=9842 comm="showq" dest=389 scontext=root:system_r:postfix_showq_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1190746203.204:2163): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfb67b10 a2=1251b18 a3=973d6a0 items=0 ppid=9835 pid=9842 auid=0 uid=0 gid=89 euid=0 suid=0 fsuid=0 egid=89 sgid=89 fsgid=89 tty=(none) comm="showq" exe="/usr/libexec/postfix/showq" subj=root:system_r:postfix_showq_t:s0 key=(null)
type=AVC msg=audit(1190746203.204:2164): avc:  denied  { create } for  pid=9842 comm="showq" scontext=root:system_r:postfix_showq_t:s0 tcontext=root:system_r:postfix_showq_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1190746203.204:2164): arch=40000003 syscall=102 success=no exit=-13 a0=1 a1=bfb679e4 a2=484ff4 a3=bfb67c61 items=0 ppid=9835 pid=9842 auid=0 uid=0 gid=89 euid=0 suid=0 fsuid=0 egid=89 sgid=89 fsgid=89 tty=(none) comm="showq" exe="/usr/libexec/postfix/showq" subj=root:system_r:postfix_showq_t:s0 key=(null)
type=AVC msg=audit(1190746203.204:2165): avc:  denied  { name_connect } for  pid=9842 comm="showq" dest=389 scontext=root:system_r:postfix_showq_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1190746203.204:2165): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfb67b10 a2=1251b18 a3=9755b90 items=0 ppid=9835 pid=9842 auid=0 uid=0 gid=89 euid=0 suid=0 fsuid=0 egid=89 sgid=89 fsgid=89 tty=(none) comm="showq" exe="/usr/libexec/postfix/showq" subj=root:system_r:postfix_showq_t:s0 key=(null)
type=AVC msg=audit(1190746207.205:2166): avc:  denied  { create } for  pid=9842 comm="showq" scontext=root:system_r:postfix_showq_t:s0 tcontext=root:system_r:postfix_showq_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1190746207.205:2166): arch=40000003 syscall=102 success=no exit=-13 a0=1 a1=bfb679e4 a2=484ff4 a3=bfb67c61 items=0 ppid=9835 pid=9842 auid=0 uid=0 gid=89 euid=0 suid=0 fsuid=0 egid=89 sgid=89 fsgid=89 tty=(none) comm="showq" exe="/usr/libexec/postfix/showq" subj=root:system_r:postfix_showq_t:s0 key=(null)
type=AVC msg=audit(1190746207.205:2167): avc:  denied  { name_connect } for  pid=9842 comm="showq" dest=389 scontext=root:system_r:postfix_showq_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1190746207.205:2167): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfb67b10 a2=1251b18 a3=973d660 items=0 ppid=9835 pid=9842 auid=0 uid=0 gid=89 euid=0 suid=0 fsuid=0 egid=89 sgid=89 fsgid=89 tty=(none) comm="showq" exe="/usr/libexec/postfix/showq" subj=root:system_r:postfix_showq_t:s0 key=(null)