similar to: Postfix avc (SELinux)

Displaying 20 results from an estimated 200 matches similar to: "Postfix avc (SELinux)"

2014 Dec 05
2
Postfix avc (SELinux)
On 12/04/2014 03:22 PM, James B. Byrne wrote: > On Thu, December 4, 2014 12:29, James B. Byrne wrote: >> Re: SELinux. Do I just build a local policy or is there some boolean setting >> needed to handle this? I could not find one if there is but. . . >> > Anyone see any problem with generating a custom policy consisting of the > following? > > grep avc
2014 Dec 05
0
Postfix avc (SELinux)
On Fri, December 5, 2014 04:53, Daniel J Walsh wrote: > > On 12/04/2014 03:22 PM, James B. Byrne wrote: >> On Thu, December 4, 2014 12:29, James B. Byrne wrote: >>> Re: SELinux. Do I just build a local policy or is there some boolean >>> setting >>> needed to handle this? I could not find one if there is but. . . >>> >> Anyone see any problem
2014 Dec 04
0
Postfix avc (SELinux)
On Thu, December 4, 2014 12:29, James B. Byrne wrote: > > Re: SELinux. Do I just build a local policy or is there some boolean setting > needed to handle this? I could not find one if there is but. . . > Anyone see any problem with generating a custom policy consisting of the following? grep avc /var/log/audit/audit.log | audit2allow #============= amavis_t ============== allow
2012 Oct 22
1
SELinux AVC problem postfix <-> dspam
Hi, I guess this is a bit OT but perhaps someone has encountered this issue before. On a CentOS 6.3 x86_64 box I have installed postfix and dspam from EPEL. Dspam is configured to listen on port 10026. After having configured dspam and postfix I start dspam and then postfix and I see the following AVC message in audit.log: type=AVC msg=audit(1350920492.936:400): avc: denied { name_bind }
2014 Dec 12
0
More avc's wrt to email
CentOS-6.6 Postfix-2.11.1 (local) ClamAV-0.98.5 (epel) Amavisd-new-2.9.1 (epel) opendkim-2.9.0 (centos) pypolicyd-spf-1.3.1 (epel) Is there something going on in selinuxland with respect to clamav, amavisd-new and postfix? Since the most recent update of clamav I seem to be detecting more avc's. It may be that it is because I am looking for them more frequently but it seems to me that
2009 Oct 04
2
deliver stopped working
Hi: I have been using Dovecot for well over a year now and it has always worked with few problems. The mail setup is not simple... Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and control is local. About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an
2017 Apr 26
3
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/26/2017 12:29 AM, Robert Moskowitz wrote: > But the policy generates errors. I will have to submit a bug report, > it seems A bug report would probably be helpful. I'm looking back at the message you wrote describing errors in ld-2.17.so. I think what's happening is that the policy on your system includes a silent rule that somehow breaks your system. You'll need
2009 Apr 15
2
SELinux and "i_stream_read() failed: Permission denied"
Not a problem ... sharing a solution (this time)! Please correct my understanding of the process, if required. "i_stream_read() failed: Permission denied" is an error message generated when a large-ish file (>128kb in my case) is attached to a message that has been passed to Dovecot's deliver program when SELinux is being enforced. In my case, these messages are first run
2014 Dec 09
0
Postfix avc (SELinux)
On Mon, December 8, 2014 20:01, Daniel J Walsh wrote: > > rpm -q selinux-policy > > selinux-policy-3.7.19-260.el6 is the current policy in development. >> Thank you. >>>> #============= postfix_showq_t ============== >>>> allow postfix_showq_t tmp_t:dir read; >>> Any reason postfix would be listing the contents of /tmp or /var/tmp? >>>
2015 Oct 27
0
CentOS-6.6 SELinux questions
we have remote server running as a guest instance on a kvm host. This server acts as a public MX service for our domains along with providing a backup for our Mailman mailing lists. It also has a slave named service. while tracking down a separate problem I discovered these avc anomalies and ran audit2allow to see what was required to eliminate them. All the software is either from CentOS or
2008 Aug 10
7
SELinux
Hi list, I've knocked up a contribution on SELinux here: http://wiki.centos.org/HowTos/SELinux I've tried to pitch it as an introduction for those not already familiar with SELinux but also hopefully a useful reference. I'm relatively new to SELinux and have covered pretty much everything I know to the limits of my limited knowledge. If folks think other material needs to be
2014 Dec 11
0
CentOS-6 Another email related AVC
CentOS-6.6 Postfix-2.11.1 (local) ClamAV-0.98.5 (epel) Amavisd-new-2.9.1 (epel) opendkim-2.9.0 (centos) pypolicyd-spf-1.3.1 (epel) /var/log/maillog Dec 11 16:52:09 inet18 setroubleshoot: SELinux is preventing /usr/bin/perl from read access on the file online. For complete SELinux messages. run sealert -l 62006e35-dcc8-4a4f-8e10-9f34757f3a4a Dec 11 16:52:10 inet18 setroubleshoot: SELinux is
2015 Apr 26
2
Broken Selinux Postfix Policy?
Trying to restart postfix installed from yum. Restart fails, I get: type=AVC msg=audit(1430429813.721:12167): avc: denied { unlink } for pid=31624 comm="master" name="defer" dev="dm-0" ino=981632 scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 tclass=sock_file I guess it needs to remove the
2007 Jul 19
1
semodule - global requirements not met
I'm busy setting up amavisd-new on a CentOS 5.0 box - and believe I've got it working well enough that I can switch selinux enforcing back on again. I've done the usual- - grab a chunk of the audit.log that is relevant to all the actions that would be denied. - do 'cat audit.log | audit2allow -M amavis' to generate the module - amavis.te looks like: module amavis 1.0;
2008 Aug 23
2
CentOS 5.2 + SELinux + Apache/PHP + Postfix
Hi All, I'm running CentOS 5.2 with SELinux in enforcing mode (default targeted policy). The server hosts a PHP web app that sends mail. I'm getting the following errors (see end of message) in my selinux audit.log file every time the app sends an email. The email always seems to get sent successfully, despite the log messages. However, they do concern me and I would like to understand
2005 Mar 03
11
PostgreSQL & SELinux problem
Hi. I just installed Centos 4. I''m pretty sure that I chose to have it install postgresql but when the system came up, it wasn''t there. No worries. I installed it from the net with ''yum''. Unfortunately, when I started it up and it tried to init the database, I got a bunch of SELinux errors: Mar 3 13:24:22 dirty kernel: audit(1109874262.006:0): avc:
2017 Apr 28
3
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/28/2017 12:06 AM, Robert Moskowitz wrote: > > Here are the messages I got: > > type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh } > for pid=3047 comm="cleanup" > scontext=system_u:system_r:postfix_master_t:s0 > tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process > permissive=1 My advice would be to slow down, and solve
2015 Oct 09
2
CentOS-6 SSHD chroot SELinux problem
I run a sshd host solely to allow employees to tunnel secure connections to our internal hosts. Some of which do not support encrypted protocols. These connections are chroot'ed via the following in /etc/ssh/sshd_config Match Group !wheel,!xxxxxx,yyyyy AllowTcpForwarding yes ChrootDirectory /home/yyyyy X11Forwarding yes Where external users belong to group yyyyy (primary). We
2007 Dec 10
1
SELinux and Perl script using sendmail
I have a webpage feedback form that uses a Perl script to send e-mails with "| /usr/sbin/sendmail -t". It works just fine, but SELinux is complaining about it: SELinux is preventing /usr/sbin/postdrop (postfix_postdrop_t) "getattr" to pipe:[41117] (httpd_t) I'm a SELinux newb so I don't know what (if anything) to do about it. Suggestions? Miark
2020 Sep 24
2
Re: [common PATCH 3/3] mlcustomize: do not relabel if not enforcing (RHBZ#1828952)
On Thu, Sep 24, 2020 at 12:39:02PM +0200, Pino Toscano wrote: ... > There are various cases when, even of an enforcing system, labels are > not kept up-to-date: > > $ getenforce > Enforcing > $ touch /tmp/test > $ ls -lZ /tmp/test > -rw-rw-r--. 1 ptoscano ptoscano unconfined_u:object_r:user_tmp_t:s0 0 Sep 24 12:26 /tmp/test > $ mv /tmp/test ~/var/ > $ ls -lZ