search for: postfix_cleanup_t

...ogress in allowing postfix to write to the socket. I'm getting stuck on the following audit.log error, though. type=AVC msg=audit(1210016235.033:6265): avc: denied { use } for pid=17995 comm="cleanup" path="socket:[372498]" dev=sockfs ino=372498 scontext=root:system_r:postfix_cleanup_t:s0 tcontext=root:system_r:postfix_smtpd_t:s0 tclass=fd type=SYSCALL msg=audit(1210016235.033:6265): arch=c000003e syscall=47 success=yes exit=1 a0=9 a1=7fff0ec2f220 a2=0 a3=0 items=0 ppid=17983 pid=17995 auid=0 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) comm=&quo...

Hello, Does anyone have a sample SELinux policy for dkim-milter? I'm using the configuration from this page: http://www.howtoforge.com/set-up-dkim-for-multiple-domains-on-postfix-with-dkim-milter-2.8.x-centos-5.3 Along with the latest RPM from the link on that page. Regards, Ben -- Ben McGinnes http://www.adversary.org/ Twitter: benmcginnes Systems Administrator, Writer, ICT

On 04/28/2017 12:06 AM, Robert Moskowitz wrote: > > Here are the messages I got: > > type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh } > for pid=3047 comm="cleanup" > scontext=system_u:system_r:postfix_master_t:s0 > tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process > permissive=1 My advice would be to slow down, and solve one problem at a time. We were talking about testing dovecot, and now you're testing postfix. I know you need them both to work, but these are separate services, with their own individual policies. If you'...

...cal_t; type puppet_etc_t; type setfiles_t; type rpm_t; type unlabeled_t; type var_run_t; type kernel_t; type puppet_var_run_t; type puppet_var_lib_t; type auditd_t; type httpd_t; type rpm_var_lib_t; type postfix_cleanup_t; type postfix_master_t; type inetd_t; type udev_t; type mysqld_safe_t; type postfix_pickup_t; type sshd_t; type crond_t; type getty_t; type postfix_qmgr_t; type ntpd_t; class sock_file { write unlink open };...

On 04/26/2017 12:29 AM, Robert Moskowitz wrote: > But the policy generates errors. I will have to submit a bug report, > it seems A bug report would probably be helpful. I'm looking back at the message you wrote describing errors in ld-2.17.so. I think what's happening is that the policy on your system includes a silent rule that somehow breaks your system. You'll need

...combination) of rules that is causing dovecot > to crash and log a backtrace. Here are the messages I got: type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh } for pid=3047 comm="cleanup" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process permissive=1 type=AVC msg=audit(1493361695.041:49205): avc: denied { siginh } for pid=3047 comm="cleanup" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process permissive=1 type=AVC msg=audit(1493361695.041:492...

...og: module local_postfix 1.0; require { type postfix_etc_t; type home_root_t; type apmd_t; type setrans_t; type port_t; type etc_mail_t; type snmpd_t; type tmp_t; type dovecot_deliver_t; type postfix_smtp_t; type nfs_t; type var_run_t; type usr_t; type httpd_t; type audisp_t; type postfix_cleanup_t; type inetd_t; type portmap_t; type postfix_pickup_t; type hald_t; type getty_t; type avahi_t; type etc_t; type sysctl_kernel_t; type unconfined_t; type init_t; type auditd_t; type lib_t; type dovecot_auth_t; type syslogd_t; type hostname_exec_t; type postfix_smtpd_t; type var_spoo...

...06 AM, Robert Moskowitz wrote: >> >> Here are the messages I got: >> >> type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh } for >> pid=3047 comm="cleanup" scontext=system_u:system_r:postfix_master_t:s0 >> tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process >> permissive=1 > > > My advice would be to slow down, and solve one problem at a time. We were > talking about testing dovecot, and now you're testing postfix. I know you > need them both to work, but these are separate services, with their own >...