search for: postfix_master_t

...listen on port 10026. After having configured dspam and postfix I start dspam and then postfix and I see the following AVC message in audit.log: type=AVC msg=audit(1350920492.936:400): avc: denied { name_bind } for pid=19971 comm="master" src=10026 scontext=unconfined_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:postfix_master_t:s0 tclass=tcp_socket type=SYSCALL msg=audit(1350920492.936:400): arch=c000003e syscall=49 success=no exit=-13 a0=5b a1=7f015fa63b30 a2=10 a3=7fff6b2bf89c items=0 ppid=1 pid=19971 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=...

...arch=c000003e syscall=2 success=no exit=-13 a0=7fd70e6de1e6 a1=0 a2=1b6 a3=0 items=0 ppid=2698 pid=4294 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2784 comm="trivial-rewrite" exe="/usr/libexec/postfix/trivial-rewrite" subj=unconfined_u:system_r:postfix_master_t:s0 key=(null) type=AVC msg=audit(1417713298.610:60522): avc: denied { read } for pid=4294 comm="trivial-rewrite" name="tmp" dev=dm-0 ino=393240 scontext=unconfined_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir We are using a locally built Post...

...rm that you've > found one (or a minimal combination) of rules that is causing dovecot > to crash and log a backtrace. Here are the messages I got: type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh } for pid=3047 comm="cleanup" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process permissive=1 type=AVC msg=audit(1493361695.041:49205): avc: denied { siginh } for pid=3047 comm="cleanup" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process p...

...====== > allow clamscan_t amavis_spool_t:dir read; In the latest rhel6 policies amavas_t and clamscan_t have been merged into antivirus_t? Is you selinux-policy up 2 date? > #============= logwatch_mail_t ============== > allow logwatch_mail_t usr_t:lnk_file read; > > #============= postfix_master_t ============== > allow postfix_master_t tmp_t:dir read; > > #============= postfix_postdrop_t ============== > allow postfix_postdrop_t tmp_t:dir read; > > #============= postfix_showq_t ============== > allow postfix_showq_t tmp_t:dir read; Any reason postfix would be listing...

On 04/26/2017 12:29 AM, Robert Moskowitz wrote: > But the policy generates errors. I will have to submit a bug report, > it seems A bug report would probably be helpful. I'm looking back at the message you wrote describing errors in ld-2.17.so. I think what's happening is that the policy on your system includes a silent rule that somehow breaks your system. You'll need

Trying to restart postfix installed from yum. Restart fails, I get: type=AVC msg=audit(1430429813.721:12167): avc: denied { unlink } for pid=31624 comm="master" name="defer" dev="dm-0" ino=981632 scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 tclass=sock_file I guess it needs to remove the /var/spool/postfix/defer socket file. audit2allow says this will fix it: allow postfix_master_t postfix_spool_maildrop_t:sock_file unlink; But how do I add this permission to the existing P...

On 04/28/2017 12:06 AM, Robert Moskowitz wrote: > > Here are the messages I got: > > type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh } > for pid=3047 comm="cleanup" > scontext=system_u:system_r:postfix_master_t:s0 > tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process > permissive=1 My advice would be to slow down, and solve one problem at a time. We were talking about testing dovecot, and now you're testing postfix. I know you need them both to work, but these are separate serv...

...uditd_t; type lib_t; type dovecot_auth_t; type syslogd_t; type hostname_exec_t; type postfix_smtpd_t; type var_spool_t; type system_dbusd_t; type mysqld_etc_t; type initrc_t; type proc_t; type restorecond_t; type etc_runtime_t; type postfix_bounce_t; type ntpd_t; type kernel_t; type postfix_master_t; type rpcd_t; type dovecot_t; type klogd_t; type udev_t; type clamd_t; type mysqld_port_t; type initrc_var_run_t; type var_t; type postfix_qmgr_t; type postfix_pipe_t; type crond_t; class process ptrace; class unix_stream_socket connectto; class tcp_socket { name_bind name_connect };...

...======== amavis_t ============== allow amavis_t shell_exec_t:file execute; allow amavis_t sysfs_t:dir search; #============= clamscan_t ============== allow clamscan_t amavis_spool_t:dir read; #============= logwatch_mail_t ============== allow logwatch_mail_t usr_t:lnk_file read; #============= postfix_master_t ============== allow postfix_master_t tmp_t:dir read; #============= postfix_postdrop_t ============== allow postfix_postdrop_t tmp_t:dir read; #============= postfix_showq_t ============== allow postfix_showq_t tmp_t:dir read; #============= postfix_smtp_t ============== allow postfix_smtp_t po...

...fficial CentOS-6 repositories. Does this change apply only to 7 or has it been backported? Both amavisd-new and clamav are provided via the epel repository. >> #============= logwatch_mail_t ============== >> allow logwatch_mail_t usr_t:lnk_file read; >> >> #============= postfix_master_t ============== >> allow postfix_master_t tmp_t:dir read; >> >> #============= postfix_postdrop_t ============== >> allow postfix_postdrop_t tmp_t:dir read; >> >> #============= postfix_showq_t ============== >> allow postfix_showq_t tmp_t:dir read; > An...

...; type setfiles_t; type rpm_t; type unlabeled_t; type var_run_t; type kernel_t; type puppet_var_run_t; type puppet_var_lib_t; type auditd_t; type httpd_t; type rpm_var_lib_t; type postfix_cleanup_t; type postfix_master_t; type inetd_t; type udev_t; type mysqld_safe_t; type postfix_pickup_t; type sshd_t; type crond_t; type getty_t; type postfix_qmgr_t; type ntpd_t; class sock_file { write unlink open }; class capability { sys_res...

...t_deliver_t; type dovecot_deliver_exec_t; type dovecot_var_log_t; type etc_runtime_t; type fs_t; type home_root_t; type httpd_config_t; type httpd_t; type initrc_t; type postfix_etc_t; type postfix_local_t; type postfix_master_t; type postfix_postdrop_t; type postfix_postqueue_exec_t; type postfix_public_t; type postfix_pipe_t; type sendmail_t; type sendmail_exec_t; type src_t; type tmp_t; type usr_t; type user_home_dir_t; type user_hom...

...8 Apr 2017, Gordon Messmer wrote: > On 04/28/2017 12:06 AM, Robert Moskowitz wrote: >> >> Here are the messages I got: >> >> type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh } for >> pid=3047 comm="cleanup" scontext=system_u:system_r:postfix_master_t:s0 >> tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process >> permissive=1 > > > My advice would be to slow down, and solve one problem at a time. We were > talking about testing dovecot, and now you're testing postfix. I know you > need them both to wo...