[CentOS] SELinux AVC problem postfix <-> dspam

Patrick Lists

centos-list at puzzled.xs4all.nl
Mon Oct 22 16:06:22 UTC 2012


Hi,

I guess this is a bit OT but perhaps someone has encountered this issue 
before. On a CentOS 6.3 x86_64 box I have installed postfix and dspam 
from EPEL. Dspam is configured to listen on port 10026. After having 
configured dspam and postfix I start dspam and then postfix and I see 
the following AVC message in audit.log:

type=AVC msg=audit(1350920492.936:400): avc:  denied  { name_bind } for pid=19971 comm="master" src=10026 scontext=unconfined_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:postfix_master_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1350920492.936:400): arch=c000003e syscall=49 success=no exit=-13 a0=5b a1=7f015fa63b30 a2=10 a3=7fff6b2bf89c items=0 ppid=1 pid=19971 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="master" exe="/usr/libexec/postfix/master" subj=unconfined_u:system_r:postfix_master_t:s0 key=(null)

When I run sudo grep 1350920492 /var/log/audit/audit.log | audit2allow 
-M postfix-dspam I get:

$ cat postfix-dspam.te

module pf 1.0;

require {
	type postfix_master_t;
	class tcp_socket name_bind;
}

#============= postfix_master_t ==============
allow postfix_master_t self:tcp_socket name_bind;


To fix this issue activate the postfix-dspam policy with:
# semodule -i postfix-dspam.pp


Can anyone confirm this is the correct way to fix this problem?
Should I file a bug?

Thanks and regards,
Patrick
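
An added example, not part of the original post: a small Python parser that pairs the AVC and SYSCALL records quoted above by audit event serial and reports what was denied, along with the allow rule the denial implies. The names SAMPLE, parse_events and summarize are chosen for this example; the lookup tables cover only the values in the sample (syscall 49 on x86_64 is bind, exit -13 is EACCES).

```python
import re

# The two records from the post, re-joined (mail wrapping removed).
SAMPLE = (
    'type=AVC msg=audit(1350920492.936:400): avc:  denied  { name_bind } for '
    'pid=19971 comm="master" src=10026 '
    'scontext=unconfined_u:system_r:postfix_master_t:s0 '
    'tcontext=system_u:object_r:postfix_master_t:s0 tclass=tcp_socket\n'
    'type=SYSCALL msg=audit(1350920492.936:400): arch=c000003e syscall=49 '
    'success=no exit=-13 a0=5b a1=7f015fa63b30 a2=10 a3=7fff6b2bf89c items=0 '
    'ppid=1 pid=19971 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 '
    'sgid=0 fsgid=0 tty=(none) ses=4 comm="master" '
    'exe="/usr/libexec/postfix/master" '
    'subj=unconfined_u:system_r:postfix_master_t:s0 key=(null)\n'
)
HEADER = re.compile(r'type=(\w+) msg=audit\(\d+\.\d+:(\d+)\):')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}')
SYSCALLS_X86_64 = {49: "bind"}  # only the number that appears in the sample
ERRNOS = {13: "EACCES"}

def parse_events(text):
    """Group records by audit event serial so an AVC is paired with its SYSCALL."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        if m.group(1) == "AVC":
            p = PERMS.search(line)
            fields["result"], fields["perms"] = p.group(1), p.group(2).split()
        events.setdefault(int(m.group(2)), {})[m.group(1)] = fields
    return events

def summarize(event):
    """Reduce one event to what the denial was and the allow rule it implies."""
    avc, sc = event["AVC"], event.get("SYSCALL", {})
    stype, ttype = (avc[c].split(":")[2] for c in ("scontext", "tcontext"))
    perms = avc["perms"][0] if len(avc["perms"]) == 1 else "{ %s }" % " ".join(avc["perms"])
    failed = sc.get("success") == "no"
    return {
        "domain": stype, "class": avc["tclass"], "perms": avc["perms"],
        "port": int(avc["src"]) if "src" in avc else None, "exe": sc.get("exe"),
        "syscall": SYSCALLS_X86_64.get(int(sc.get("syscall", -1))),
        "errno": ERRNOS.get(-int(sc["exit"])) if failed else None,
        # audit2allow writes "self" when source and target types are the same
        "rule": f"allow {stype} {'self' if stype == ttype else ttype}:{avc['tclass']} {perms};",
    }
```

Calling summarize(parse_events(SAMPLE)[400]) shows the rule and the port side by side, which makes it easy to see that the generated rule is not limited to port 10026.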


