Displaying 20 results from an estimated 200 matches similar to: "Postfix avc (SELinux)"
2014 Dec 05
2
Postfix avc (SELinux)
On 12/04/2014 03:22 PM, James B. Byrne wrote:
> On Thu, December 4, 2014 12:29, James B. Byrne wrote:
>> Re: SELinux. Do I just build a local policy or is there some boolean setting
>> needed to handle this? I could not find one if there is but. . .
>>
> Anyone see any problem with generating a custom policy consisting of the
> following?
>
> grep avc
2014 Dec 05
0
Postfix avc (SELinux)
On Fri, December 5, 2014 04:53, Daniel J Walsh wrote:
>
> On 12/04/2014 03:22 PM, James B. Byrne wrote:
>> On Thu, December 4, 2014 12:29, James B. Byrne wrote:
>>> Re: SELinux. Do I just build a local policy or is there some boolean
>>> setting
>>> needed to handle this? I could not find one if there is but. . .
>>>
>> Anyone see any problem
2014 Dec 04
0
Postfix avc (SELinux)
On Thu, December 4, 2014 12:29, James B. Byrne wrote:
>
> Re: SELinux. Do I just build a local policy or is there some boolean setting
> needed to handle this? I could not find one if there is but. . .
>
Anyone see any problem with generating a custom policy consisting of the
following?
grep avc /var/log/audit/audit.log | audit2allow
#============= amavis_t ==============
allow
2012 Oct 22
1
SELinux AVC problem postfix <-> dspam
Hi,
I guess this is a bit OT but perhaps someone has encountered this issue
before. On a CentOS 6.3 x86_64 box I have installed postfix and dspam
from EPEL. Dspam is configured to listen on port 10026. After having
configured dspam and postfix I start dspam and then postfix and I see
the following AVC message in audit.log:
type=AVC msg=audit(1350920492.936:400): avc: denied { name_bind }
2014 Dec 12
0
More avc's wrt to email
CentOS-6.6
Postfix-2.11.1 (local)
ClamAV-0.98.5 (epel)
Amavisd-new-2.9.1 (epel)
opendkim-2.9.0 (centos)
pypolicyd-spf-1.3.1 (epel)
Is there something going on in selinuxland with respect to clamav, amavisd-new
and postfix? Since the most recent update of clamav I seem to be detecting
more avc's. It may be that it is because I am looking for them more
frequently but it seems to me that
2009 Oct 04
2
deliver stopped working
Hi:
I have been using Dovecot for well over a year now and it has always worked with few
problems. The mail setup is not simple...
Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major
things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and
control is local.
About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an
2017 Apr 26
3
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/26/2017 12:29 AM, Robert Moskowitz wrote:
> But the policy generates errors. I will have to submit a bug report,
> it seems
A bug report would probably be helpful.
I'm looking back at the message you wrote describing errors in
ld-2.17.so. I think what's happening is that the policy on your system
includes a silent rule that somehow breaks your system. You'll need
2009 Apr 15
2
SELinux and "i_stream_read() failed: Permission denied"
Not a problem ... sharing a solution (this time)! Please correct my
understanding of the process, if required.
"i_stream_read() failed: Permission denied" is an error message generated
when a large-ish file (>128kb in my case) is attached to a message that
has been passed to Dovecot's deliver program when SELinux is being
enforced.
In my case, these messages are first run
2014 Dec 09
0
Postfix avc (SELinux)
On Mon, December 8, 2014 20:01, Daniel J Walsh wrote:
>
> rpm -q selinux-policy
>
> selinux-policy-3.7.19-260.el6 is the current policy in development.
>>
Thank you.
>>>> #============= postfix_showq_t ==============
>>>> allow postfix_showq_t tmp_t:dir read;
>>> Any reason postfix would be listing the contents of /tmp or /var/tmp?
>>>
2015 Oct 27
0
CentOS-6.6 SELinux questions
we have remote server running as a guest instance on a kvm host. This
server acts as a public MX service for our domains along with
providing a backup for our Mailman mailing lists. It also has a slave
named service.
while tracking down a separate problem I discovered these avc
anomalies and ran audit2allow to see what was required to eliminate
them. All the software is either from CentOS or
2008 Aug 10
7
SELinux
Hi list,
I've knocked up a contribution on SELinux here:
http://wiki.centos.org/HowTos/SELinux
I've tried to pitch it as an introduction for those not already familiar
with SELinux but also hopefully a useful reference.
I'm relatively new to SELinux and have covered pretty much everything I
know to the limits of my limited knowledge. If folks think other
material needs to be
2014 Dec 11
0
CentOS-6 Another email related AVC
CentOS-6.6
Postfix-2.11.1 (local)
ClamAV-0.98.5 (epel)
Amavisd-new-2.9.1 (epel)
opendkim-2.9.0 (centos)
pypolicyd-spf-1.3.1 (epel)
/var/log/maillog
Dec 11 16:52:09 inet18 setroubleshoot: SELinux is preventing /usr/bin/perl
from read access on the file online. For complete SELinux messages. run
sealert -l 62006e35-dcc8-4a4f-8e10-9f34757f3a4a
Dec 11 16:52:10 inet18 setroubleshoot: SELinux is
2015 Apr 26
2
Broken Selinux Postfix Policy?
Trying to restart postfix installed from yum. Restart fails, I get:
type=AVC msg=audit(1430429813.721:12167): avc: denied { unlink } for
pid=31624 comm="master" name="defer" dev="dm-0" ino=981632
scontext=system_u:system_r:postfix_master_t:s0
tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 tclass=sock_file
I guess it needs to remove the
2007 Jul 19
1
semodule - global requirements not met
I'm busy setting up amavisd-new on a CentOS 5.0 box - and believe I've
got it working well enough that I can switch selinux enforcing back on
again.
I've done the usual-
- grab a chunk of the audit.log that is relevant to all the actions
that would be denied.
- do 'cat audit.log | audit2allow -M amavis' to generate the module
- amavis.te looks like:
module amavis 1.0;
2008 Aug 23
2
CentOS 5.2 + SELinux + Apache/PHP + Postfix
Hi All,
I'm running CentOS 5.2 with SELinux in enforcing mode (default
targeted policy). The server hosts a PHP web app that sends mail. I'm
getting the following errors (see end of message) in my selinux
audit.log file every time the app sends an email. The email always
seems to get sent successfully, despite the log messages. However,
they do concern me and I would like to understand
2005 Mar 03
11
PostgreSQL & SELinux problem
Hi.
I just installed Centos 4. I''m pretty sure that I chose to have it
install postgresql but when the system came up, it wasn''t there. No
worries. I installed it from the net with ''yum''. Unfortunately, when I
started it up and it tried to init the database, I got a bunch of
SELinux errors:
Mar 3 13:24:22 dirty kernel: audit(1109874262.006:0): avc:
2017 Apr 28
3
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/28/2017 12:06 AM, Robert Moskowitz wrote:
>
> Here are the messages I got:
>
> type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh }
> for pid=3047 comm="cleanup"
> scontext=system_u:system_r:postfix_master_t:s0
> tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process
> permissive=1
My advice would be to slow down, and solve
2015 Oct 09
2
CentOS-6 SSHD chroot SELinux problem
I run a sshd host solely to allow employees to tunnel secure
connections to our internal hosts. Some of which do not support
encrypted protocols. These connections are chroot'ed via the
following in /etc/ssh/sshd_config
Match Group !wheel,!xxxxxx,yyyyy
AllowTcpForwarding yes
ChrootDirectory /home/yyyyy
X11Forwarding yes
Where external users belong to group yyyyy (primary).
We
2007 Dec 10
1
SELinux and Perl script using sendmail
I have a webpage feedback form that uses a Perl script to
send e-mails with "| /usr/sbin/sendmail -t". It works
just fine, but SELinux is complaining about it:
SELinux is preventing /usr/sbin/postdrop (postfix_postdrop_t)
"getattr" to pipe:[41117] (httpd_t)
I'm a SELinux newb so I don't know what (if anything) to do
about it. Suggestions?
Miark
2020 Sep 24
2
Re: [common PATCH 3/3] mlcustomize: do not relabel if not enforcing (RHBZ#1828952)
On Thu, Sep 24, 2020 at 12:39:02PM +0200, Pino Toscano wrote:
...
> There are various cases when, even of an enforcing system, labels are
> not kept up-to-date:
>
> $ getenforce
> Enforcing
> $ touch /tmp/test
> $ ls -lZ /tmp/test
> -rw-rw-r--. 1 ptoscano ptoscano unconfined_u:object_r:user_tmp_t:s0 0 Sep 24 12:26 /tmp/test
> $ mv /tmp/test ~/var/
> $ ls -lZ