[CentOS] Postfix avc (SELinux)
Alexander Dalloz
ad+lists at uni-x.org
Thu Dec 4 20:04:19 UTC 2014
On 04.12.2014 at 18:29, James B. Byrne wrote:
> I am seeing these avc messages on a newly commissioned and up-to-date CentOS-6
> virtual guest:
>
> ----
> time->Thu Dec 4 12:14:58 2014
> type=SYSCALL msg=audit(1417713298.610:60522): arch=c000003e syscall=2
> success=no exit=-13 a0=7fd70e6de1e6 a1=0 a2=1b6 a3=0 items=0 ppid=2698
> pid=4294 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
> tty=(none) ses=2784 comm="trivial-rewrite"
> exe="/usr/libexec/postfix/trivial-rewrite"
> subj=unconfined_u:system_r:postfix_master_t:s0 key=(null)
> type=AVC msg=audit(1417713298.610:60522): avc: denied { read } for pid=4294
> comm="trivial-rewrite" name="tmp" dev=dm-0 ino=393240
> scontext=unconfined_u:system_r:postfix_master_t:s0
> tcontext=system_u:object_r:tmp_t:s0 tclass=dir
>
> We are using a locally built Postfix (Postfix-2.8+ is required to support
> postscreen and CentOS only provides 2.6.6)
>
> rpm -qi postfix
> Name : postfix Relocations: (not relocatable)
> Version : 2.11.1 Vendor: (none)
> Release : 0.el6 Build Date: Thu May 15 14:38:25 2014
> Install Date: Fri Nov 28 14:57:25 2014 Build Host:
> xnet242.hamilton.harte-lyne.ca
> Group : System Environment/Daemons Source RPM:
> postfix-2.11.1-0.el6.src.rpm
> Size : 13111458 License: IBM
> Signature : (none)
> URL : http://www.postfix.org
> Summary : Postfix Mail Transport Agent
> Description :
> Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
> TLS
>
>
> Re: SELinux. Do I just build a local policy or is there some boolean setting
> needed to handle this? I could not find one if there is but. . .
>
> getsebool -a | grep postfix
> allow_postfix_local_write_mail_spool --> on

https://bugzilla.redhat.com/show_bug.cgi?id=892024

Are you sure you are really up to date on CentOS 6?
https://rhn.redhat.com/errata/RHBA-2013-1598.html is old and meanwhile
outdated. I don't have such a problem with the Postfix 2.11.3 package
from ghettoforge on a current CentOS 6.6.

Alexander
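
An added example, not part of either poster's message: a small Python triage helper that joins the SYSCALL and AVC records quoted above on their shared audit event id and pulls out the source domain, target type, class and permission. The function names `parse_events` and `summarize` are this example's own, and the sample is the post's two records rejoined onto single lines.

```python
import errno
import re
from collections import defaultdict

# The two records from the post, rejoined onto one line each (the archive wrapped them).
SAMPLE = (
    'type=SYSCALL msg=audit(1417713298.610:60522): arch=c000003e syscall=2 success=no '
    'exit=-13 a0=7fd70e6de1e6 a1=0 a2=1b6 a3=0 items=0 ppid=2698 pid=4294 auid=0 uid=0 '
    'gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2784 '
    'comm="trivial-rewrite" exe="/usr/libexec/postfix/trivial-rewrite" '
    'subj=unconfined_u:system_r:postfix_master_t:s0 key=(null)\n'
    'type=AVC msg=audit(1417713298.610:60522): avc: denied { read } for pid=4294 '
    'comm="trivial-rewrite" name="tmp" dev=dm-0 ino=393240 '
    'scontext=unconfined_u:system_r:postfix_master_t:s0 '
    'tcontext=system_u:object_r:tmp_t:s0 tclass=dir\n'
)

HEADER = re.compile(r'type=(\w+) msg=audit\(([\d.]+:\d+)\): (.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}')

def parse_events(text):
    """Group audit records by event id (timestamp:serial)."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # skips '----' separators and 'time->' lines
        rtype, event_id, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        p = PERMS.search(body) if rtype == 'AVC' else None
        if p:
            fields['result'], fields['perms'] = p.group(1), p.group(2).split()
        events[event_id][rtype] = fields
    return events

def summarize(events):
    """One triage row per denied AVC, joined with its SYSCALL record."""
    rows = []
    for event_id, recs in events.items():
        avc, sc = recs.get('AVC', {}), recs.get('SYSCALL', {})
        if avc.get('result') != 'denied':
            continue
        rows.append({
            'event': event_id, 'exe': sc.get('exe'), 'object': avc.get('name'),
            'source_type': avc['scontext'].split(':')[2],
            'target_type': avc['tcontext'].split(':')[2],
            'tclass': avc['tclass'], 'perms': avc['perms'],
            'errno': errno.errorcode.get(-int(sc.get('exit', 0))),
        })
    return rows
```
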