search for: system_mail_t

...reate policy rules to allow these actions. But I don't want to do that without understanding the implications. For reference, audit2allow suggests the following policy additions: #============= postfix_postdrop_t ============== allow postfix_postdrop_t httpd_log_t:file getattr; #============= system_mail_t ============== allow system_mail_t httpd_t:file read; allow system_mail_t httpd_tmp_t:file { read write }; Any help greatly appreciated. Thanks! Sam ------------------------------------------------------------------------------------------- type=AVC msg=audit(1219458556.400:16996): avc: denie...

...w < /var/log/audit.log as I find it easier to read quickly): allow postfix_postdrop_t rpm_t:tcp_socket { read write }; allow postfix_postdrop_t rpm_var_lib_t:file { read write }; allow postfix_postdrop_t user_home_t:file { getattr append }; allow postfix_postdrop_t var_lib_t:file write; allow system_mail_t rpm_t:tcp_socket { read write }; allow system_mail_t rpm_var_lib_t:file { read write }; allow system_mail_t var_lib_t:file write; I've been getting the latter set continously since the upgrade. The first set appeared briefly when I did a 'setenforce 0' to diagnose a spamc_t issue with...

...ending out mail, possible by fail2ban, since we run postfix on that host and the sendmail SMTP package is not installed. type=AVC msg=audit(1421683972.826:4376): avc: denied { read } for pid=22796 comm="sendmail" path="inotify" dev=inotifyfs ino=1 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to generate a loadable module to allow this access. SELinux is preventing /usr/sbin/sendmail.postfix from read access on...

...attr execute_no_trans }; allow fail2ban_t insmod_exec_t:file { read execute open }; allow fail2ban_t self:capability { net_admin net_raw }; allow fail2ban_t self:rawip_socket { getopt create setopt }; allow fail2ban_t sysctl_kernel_t:dir search; allow fail2ban_t sysctl_modprobe_t:file read; allow system_mail_t inotifyfs_t:dir read; I am not sure whether this issue is the result of something that we have done or left undone. We have another host configured in much the same fashion as this one and it does not display these errors. On the other hand the second host was installed several years ago and ha...