[CentOS] SELinux AVC problem postfix <-> dspam
Patrick Lists
centos-list at puzzled.xs4all.nl
Mon Oct 22 19:06:41 UTC 2012
On 10/22/2012 06:06 PM, Patrick Lists wrote:
[snip]
Solved with:
# semanage port -a -t smtp_port_t -p tcp 10026
Now trying to wrap my head around the next AVC which occurs when postfix
wants to pass an incoming email via lmtp to dspam via
/var/run/dspam/dspam.sock:
type=AVC msg=audit(1350931969.438:436): avc: denied { write } for
pid=20266 comm="lmtp" name="dspam.sock" dev=vda2 ino=9935
scontext=unconfined_u:system_r:postfix_smtp_t:s0
tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1350931969.438:436): arch=c000003e syscall=42
success=no exit=-13 a0=c a1=7ffff8b66760 a2=6e a3=7ffff8b66410 items=0
ppid=20258 pid=20266 auid=500 uid=89 gid=89 euid=89 suid=89 fsuid=89
egid=89 sgid=89 fsgid=89 tty=(none) ses=4 comm="lmtp"
exe="/usr/libexec/postfix/lmtp"
subj=unconfined_u:system_r:postfix_smtp_t:s0 key=(null)
Which could be solved with the following policy:

module pf 1.0;

require {
        type var_run_t;
        type postfix_smtp_t;
        class sock_file write;
}

#============= postfix_smtp_t ==============
allow postfix_smtp_t var_run_t:sock_file write;

Suggestions what the proper fix would be are most appreciated.
Regards,
Patrick
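
Added example, not part of the original message: a small Python parser that turns the AVC record quoted above into the allow rule shown in the post, and reports when the target type is a generic one such as var_run_t, in which case the rule applies to every sock_file carrying that label and not only dspam.sock. The function names and the GENERIC_TYPES set are assumptions made for this illustration.

```python
import re

# AVC record quoted in the message above, re-joined onto one line.
SAMPLE_AVC = (
    'type=AVC msg=audit(1350931969.438:436): avc: denied { write } for '
    'pid=20266 comm="lmtp" name="dspam.sock" dev=vda2 ino=9935 '
    'scontext=unconfined_u:system_r:postfix_smtp_t:s0 '
    'tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file'
)

# Assumption for this example: catch-all directory types that unrelated files inherit.
GENERIC_TYPES = {"var_run_t", "var_t", "var_lib_t", "var_log_t", "tmp_t", "etc_t", "usr_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Extract permissions, source/target type and class from one AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError("not an AVC denial record")
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    missing = [k for k in ("scontext", "tcontext", "tclass") if k not in fields]
    if missing:
        raise ValueError("AVC record lacks " + ", ".join(missing))
    return {
        "perms": m.group("perms").split(),
        "name": fields.get("name"),
        # A context is user:role:type[:level]; the type is the third field.
        "source_type": fields["scontext"].split(":")[2],
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
    }


def allow_rule(d):
    """Render the type-enforcement rule that would permit the denied access."""
    perms = d["perms"][0] if len(d["perms"]) == 1 else "{ " + " ".join(d["perms"]) + " }"
    return f"allow {d['source_type']} {d['target_type']}:{d['tclass']} {perms};"


def is_broad(d):
    """True when the rule targets a generic type, so it covers more than d['name']."""
    return d["target_type"] in GENERIC_TYPES


if __name__ == "__main__":
    denial = parse_avc(SAMPLE_AVC)
    print(allow_rule(denial))
    if is_broad(denial):
        print(f"# {denial['target_type']} is generic: rule is not limited to {denial['name']}")
```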