Displaying 11 results from an estimated 11 matches for "postfix_smtp_t".
2014 Apr 23
1
SELinux and POSTFIX
...w -M mypol
# semodule -i mypol.pp
grep 546AA6099F /var/log/audit/audit.log | audit2why
type=AVC msg=audit(1398199187.646:29332): avc: denied { getattr } for
pid=23387 comm="smtp" path="/var/spool/postfix/active/546AA6099F" dev=dm-0
ino=395679 scontext=unconfined_u:system_r:postfix_smtp_t:s0
tcontext=unconfined_u:object_r:postfix_spool_maildrop_t:s0 tclass=file
Was caused by:
Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module to allow this access.
type=AVC msg=audit(1398199187.646:29333): avc: denied { read write } for
pid=23387...
2012 Oct 22
1
SELinux AVC problem postfix <-> dspam
Hi,
I guess this is a bit OT but perhaps someone has encountered this issue
before. On a CentOS 6.3 x86_64 box I have installed postfix and dspam
from EPEL. Dspam is configured to listen on port 10026. After having
configured dspam and postfix I start dspam and then postfix and I see
the following AVC message in audit.log:
type=AVC msg=audit(1350920492.936:400): avc: denied { name_bind }
2014 Dec 05
2
Postfix avc (SELinux)
...stdrop_t tmp_t:dir read;
>
> #============= postfix_showq_t ==============
> allow postfix_showq_t tmp_t:dir read;
Any reason postfix would be listing the contents of /tmp or /var/tmp?
Did you put some content into these directories that have something to
do with mail?
> #============= postfix_smtp_t ==============
> allow postfix_smtp_t postfix_spool_maildrop_t:file { read write getattr };
>
>
2014 Dec 04
3
Postfix avc (SELinux)
I am seeing these avc messages on a newly commissioned and up-to-date CentOS-6
virtual guest:
----
time->Thu Dec 4 12:14:58 2014
type=SYSCALL msg=audit(1417713298.610:60522): arch=c000003e syscall=2
success=no exit=-13 a0=7fd70e6de1e6 a1=0 a2=1b6 a3=0 items=0 ppid=2698
pid=4294 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=2784 comm="trivial-rewrite"
2014 Dec 04
0
Postfix avc (SELinux)
...usr_t:lnk_file read;
#============= postfix_master_t ==============
allow postfix_master_t tmp_t:dir read;
#============= postfix_postdrop_t ==============
allow postfix_postdrop_t tmp_t:dir read;
#============= postfix_showq_t ==============
allow postfix_showq_t tmp_t:dir read;
#============= postfix_smtp_t ==============
allow postfix_smtp_t postfix_spool_maildrop_t:file { read write getattr };
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive...
2014 Dec 05
0
Postfix avc (SELinux)
...ntent into these directories that have something to
> do with mail?
That question I need put to the Postfix mailing list. I see nothing in the
spec file that bears on the matter and the tarball was pulled from:
ftp://ftp.porcupine.org/mirrors/postfix-release/official/
>> #============= postfix_smtp_t ==============
>> allow postfix_smtp_t postfix_spool_maildrop_t:file { read write getattr };
>>
>>
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne....
2014 Dec 09
0
Postfix avc (SELinux)
...>> do with mail?
>> That question I need put to the Postfix mailing list. I see nothing in the
>> spec file that bears on the matter and the tarball was pulled from:
>>
>> ftp://ftp.porcupine.org/mirrors/postfix-release/official/
>>
>>>> #============= postfix_smtp_t ==============
>>>> allow postfix_smtp_t postfix_spool_maildrop_t:file { read write getattr };
>>>>
>>>>
I do not know why my build of Postfix is looking in /tmp. According to Wietse
Venema the base Postfix tarball does not access /tmp at all. So it must be
on...
2014 Dec 12
0
More avc's wrt to email
...sysfs_t:dir read;
allow amavis_t sysfs_t:file open;
#============= clamscan_t ==============
#!!!! The source type 'clamscan_t' can write to a 'dir' of the following types:
# clamscan_tmp_t, clamd_var_lib_t, tmp_t, root_t
allow clamscan_t amavis_spool_t:dir write;
#============= postfix_smtp_t ==============
allow postfix_smtp_t postfix_spool_maildrop_t:file open;
#============= spamd_t ==============
allow spamd_t etc_runtime_t:file append;
Is there anything wrong with just creating a local policy module for these and
loading it?
--
*** E-Mail is NOT a SECURE channel...
2017 Apr 28
0
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
...xt=system_u:system_r:postfix_master_t:s0
tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process permissive=1
type=AVC msg=audit(1493361695.978:49206): avc: denied { rlimitinh }
for pid=3052 comm="lmtp" scontext=system_u:system_r:postfix_master_t:s0
tcontext=system_u:system_r:postfix_smtp_t:s0 tclass=process permissive=1
type=AVC msg=audit(1493361695.978:49206): avc: denied { siginh } for
pid=3052 comm="lmtp" scontext=system_u:system_r:postfix_master_t:s0
tcontext=system_u:system_r:postfix_smtp_t:s0 tclass=process permissive=1
type=AVC msg=audit(1493361695.978:49206): a...
2009 Oct 04
2
deliver stopped working
...abled did no good. I created the following policy
to get rid of all of the errors in the audit log:
module local_postfix 1.0;
require {
type postfix_etc_t;
type home_root_t;
type apmd_t;
type setrans_t;
type port_t;
type etc_mail_t;
type snmpd_t;
type tmp_t;
type dovecot_deliver_t;
type postfix_smtp_t;
type nfs_t;
type var_run_t;
type usr_t;
type httpd_t;
type audisp_t;
type postfix_cleanup_t;
type inetd_t;
type portmap_t;
type postfix_pickup_t;
type hald_t;
type getty_t;
type avahi_t;
type etc_t;
type sysctl_kernel_t;
type unconfined_t;
type init_t;
type auditd_t;
type lib_t;...
2017 Apr 26
3
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/26/2017 12:29 AM, Robert Moskowitz wrote:
> But the policy generates errors. I will have to submit a bug report,
> it seems
A bug report would probably be helpful.
I'm looking back at the message you wrote describing errors in
ld-2.17.so. I think what's happening is that the policy on your system
includes a silent rule that somehow breaks your system. You'll need