Displaying 20 results from an estimated 200 matches similar to: "Broken Selinux Postfix Policy?"
2014 Dec 05
2
Postfix avc (SELinux)
On 12/04/2014 03:22 PM, James B. Byrne wrote:
> On Thu, December 4, 2014 12:29, James B. Byrne wrote:
>> Re: SELinux. Do I just build a local policy or is there some boolean setting
>> needed to handle this? I could not find one if there is but. . .
>>
> Anyone see any problem with generating a custom policy consisting of the
> following?
>
> grep avc
2014 Dec 04
3
Postfix avc (SELinux)
I am seeing these avc messages on a newly commissioned and up-to-date CentOs-6
virtual guest:
----
time->Thu Dec 4 12:14:58 2014
type=SYSCALL msg=audit(1417713298.610:60522): arch=c000003e syscall=2
success=no exit=-13 a0=7fd70e6de1e6 a1=0 a2=1b6 a3=0 items=0 ppid=2698
pid=4294 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=2784 comm="trivial-rewrite"
2012 Oct 22
1
SELinux AVC problem postfix <-> dspam
Hi,
I guess this is a bit OT but perhaps someone has encountered this issue
before. On a CentOS 6.3 x86_64 box I have installed postfix and dspam
from EPEL. Dspam is configured to listen on port 10026. After having
configured dspam and postfix I start dspam and then postfix and I see
the following AVC message in audit.log:
type=AVC msg=audit(1350920492.936:400): avc: denied { name_bind }
2014 Apr 23
1
SELInux and POSTFIX
Installed Packages
Name : postfix
Arch : x86_64
Epoch : 2
Version : 2.6.6
Release : 6.el6_5
Size : 9.7 M
Repo : installed
>From repo : updates
I am seeing several of these in our maillog file after a restart of the
Postfix service:
Apr 23 12:48:27 inet08 setroubleshoot: SELinux is preventing
/usr/libexec/postfix/smtp from 'read, write'
2014 Dec 04
0
Postfix avc (SELinux)
On Thu, December 4, 2014 12:29, James B. Byrne wrote:
>
> Re: SELinux. Do I just build a local policy or is there some boolean setting
> needed to handle this? I could not find one if there is but. . .
>
Anyone see any problem with generating a custom policy consisting of the
following?
grep avc /var/log/audit/audit.log | audit2allow
#============= amavis_t ==============
allow
2014 Dec 05
0
Postfix avc (SELinux)
On Fri, December 5, 2014 04:53, Daniel J Walsh wrote:
>
> On 12/04/2014 03:22 PM, James B. Byrne wrote:
>> On Thu, December 4, 2014 12:29, James B. Byrne wrote:
>>> Re: SELinux. Do I just build a local policy or is there some boolean
>>> setting
>>> needed to handle this? I could not find one if there is but. . .
>>>
>> Anyone see any problem
2009 Oct 04
2
deliver stopped working
Hi:
I have been using Dovecot for well over a year now and it has always worked with few
problems. The mail setup is not simple...
Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major
things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and
control is local.
About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an
2012 Jun 15
1
Puppet + Passenger SELinux issues
I recently setup my Puppetmaster server to run through Passenger via Apache
instead of on the default webrick web server. SELinux made that not work
and I've found some documentation on making rules to allow it however mine
won't load. This is the policy I found via this website,
http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/
.
module
2017 Apr 28
3
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/28/2017 12:06 AM, Robert Moskowitz wrote:
>
> Here are the messages I got:
>
> type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh }
> for pid=3047 comm="cleanup"
> scontext=system_u:system_r:postfix_master_t:s0
> tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process
> permissive=1
My advice would be to slow down, and solve
2009 Apr 15
2
SELinux and "i_stream_read() failed: Permission denied"
Not a problem ... sharing a solution (this time)! Please correct my
understanding of the process, if required.
"i_stream_read() failed: Permission denied" is an error message generated
when a large-ish file (>128kb in my case) is attached to a message that
has been passed to Dovecot's deliver program when SELinux is being
enforced.
In my case, these messages are first run
2016 Aug 16
2
Need SELinux help
Hi All,
Fedora Core 24, x64
samba-4.4.5-1.fc24.x86_64
I am using the following direction to set up SELinux with Samba:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Confined_Services/sect-Managing_Confined_Services-Samba-Configuration_examples.html
to set up SELinux with Samba
1) I created a directory called /export
# ls -al /export
total 28
2017 Apr 26
3
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/26/2017 12:29 AM, Robert Moskowitz wrote:
> But the policy generates errors. I will have to submit a bug report,
> it seems
A bug report would probably be helpful.
I'm looking back at the message you wrote describing errors in
ld-2.17.so. I think what's happening is that the policy on your system
includes a silent rule that somehow breaks your system. You'll need
2017 Apr 28
0
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
Gordon,
Thank you for your help on this. Still not working...
On 04/26/2017 06:27 PM, Gordon Messmer wrote:
> On 04/26/2017 12:29 AM, Robert Moskowitz wrote:
>> But the policy generates errors. I will have to submit a bug report,
>> it seems
>
>
> A bug report would probably be helpful.
>
> I'm looking back at the message you wrote describing errors in
>
2015 Mar 27
5
postfix sasl -> haproxy -> dovecot auth
Hello,
is it possible to configure configure haproxy to work with postfix sasl and dovecot auth like this:
clients -> 25:postfix -> 20025:haproxy -> 20025:auth-backend-1, 20025:auth-backend-2
The configuration I have now gives me this error randomly:
535 5.7.8 Error: authentication failed: Connection lost to authentication server
This is probably because haproxy change servers while
2015 Mar 27
1
postfix sasl -> haproxy -> dovecot auth
Gedalya skrev den 2015-03-27 14:48:
>> is it possible to configure configure haproxy to work with postfix
>> sasl and dovecot auth like this:
>> clients -> 25:postfix -> 20025:haproxy -> 20025:auth-backend-1,
>> 20025:auth-backend-2
> Why don't you set up a dovecot locally (with only auth service) on
> each postfix box?
cyrus-sasl is still needed, and
2014 Dec 09
0
Postfix avc (SELinux)
On Mon, December 8, 2014 20:01, Daniel J Walsh wrote:
>
> rpm -q selinux-policy
>
> selinux-policy-3.7.19-260.el6 is the current policy in development.
>>
Thank you.
>>>> #============= postfix_showq_t ==============
>>>> allow postfix_showq_t tmp_t:dir read;
>>> Any reason postfix would be listing the contents of /tmp or /var/tmp?
>>>
2014 Dec 12
0
More avc's wrt to email
CentOS-6.6
Postfix-2.11.1 (local)
ClamAV-0.98.5 (epel)
Amavisd-new-2.9.1 (epel)
opendkim-2.9.0 (centos)
pypolicyd-spf-1.3.1 (epel)
Is there something going on in selinuxland with respect to clamav, amavisd-new
and postfix? Since the most recent update of clamav I seem to be detecting
more avc's. It may be that it is because I am looking for them more
frequently but it seems to me that
2017 Apr 28
0
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On Fri, 28 Apr 2017, Gordon Messmer wrote:
> On 04/28/2017 12:06 AM, Robert Moskowitz wrote:
>>
>> Here are the messages I got:
>>
>> type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh } for
>> pid=3047 comm="cleanup" scontext=system_u:system_r:postfix_master_t:s0
>> tcontext=system_u:system_r:postfix_cleanup_t:s0
2017 Jan 23
2
SELinux file permissions
Thanks for the pointer, will take a look down that route.
Could you confirm the below is expected behaviour on Centos ?
# semanage fcontext -a -t my_postfixauth_private_t
"/var/spool/postfix/private(/.*)?"
ValueError: Type my_postfixauth_private_t is invalid, must be a file
or device type
On 23 January 2017 at 19:06, Lukas Zapletal <lukas at zapletalovi.com> wrote:
> Hello,
2012 Aug 24
3
ifelse problem - bug or operator error
Hi R-Helpers,
I don't think I need to post a dataset for this question but if I do, I
can. Anyway, I am having a lot of trouble with the ifelse command.
Here is my code:
vn$PM.DIST_flag <- ifelse( (vn$PM.EXP > 0.0) & (vn$PM.DIST.TOT != 1.0), 1,
0 )
And here is my output that doesn't make ANY sense:
PM.EXP PM.DIST.TOT PM.DIST_flag 0 0 0 0 0 0 0 0 0 177502 1 0 31403