After upgrading to centos 5.4 I am getting a selinux violation, yet nothing is logged to /var/log/audit/audit.log. Other violations do get logged.
The violation occurs when running the following command on the mail server:
aspen> /usr/bin/Mail centos@centos.org Subject: test hi Cc:
aspen> send-mail: warning: premature end-of-input on /usr/sbin/postdrop -r while reading input attribute name send-mail: fatal: nataraj(500): unable to execute /usr/sbin/postdrop -r: Success
If I run with "setenforce 0" /usr/bin/Mail works. With "setenforce 1" it gets the error above, yet the violation does not get logged, so I can't tell how to fix it. Note: /usr/bin/Mail is the postfix version of /usr/bin/Mail.
Any ideas how I can find out what the violation is so I can add rules to allow it?
Nataraj
I got the same thing, which I think if from the selinux updates last night. My machine was on 5.4 since 5.4 was released. I will let you know if/when I figure out the solution. http://lists.centos.org/pipermail/centos/2010-January/088465.html
On Fri, 2010-01-08 at 17:34 -0700, Nataraj wrote:
After upgrading to centos 5.4 I am getting a selinux violation, yet nothing is logged to /var/log/audit/audit.log. Other violations do get logged.
The violation occurs when running the following command on the mail server:
aspen> send-mail: warning: premature end-of-input on /usr/sbin/postdrop -r while reading input attribute name send-mail: fatal: nataraj(500): unable to execute /usr/sbin/postdrop -r: Success
Any ideas how I can find out what the violation is so I can add rules to allow it?
See: http://www.centos.org/modules/newbb/viewtopic.php?topic_id=24135&forum=4... and https://bugzilla.redhat.com/show_bug.cgi?id=553492
Steve
James Rankin wrote:
Here is the fix. Just found this:
https://bugzilla.redhat.com/show_bug.cgi?id=553492
and also
Thank you James. I added the mypostfix.te module and it solved the problem. It would still seem that the fact that selinux did not log the violation might be a seperate bug.
Nataraj
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos