<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 12/23/2014 09:44 PM, Stephen Ingram
wrote:<br>
</div>
<blockquote
cite="mid:CAPsaoBezxdc_FHECyM009RpteLebmZQQ2nk=eG_zT+ap3iNHww@mail.gmail.com"
type="cite">
<div dir="ltr">I'm using Fedora 20 and CentOS 7 and have tried
several places to place keytab files for Postfix. Each time I'm
getting a denied message:
<div><br>
</div>
<div>
<div>type=AVC msg=audit(1419366895.530:491753): avc: denied
{ search } for pid=28412 comm="lmtp" name="postfix"
dev="xvda1" ino=1223493
scontext=system_u:system_r:postfix_smtp_t:s0
tcontext=system_u:object_r:postfix_data_t:s0 tclass=dir</div>
<div>type=SYSCALL msg=audit(1419366895.530:491753):
arch=c000003e syscall=4 success=no exit=-13 a0=7f347b8377f0
a1=7fffa6f23670 a2=7fffa6f23670 a3=7fffa6f23540 items=0
ppid=28406 pid=28412 auid=4294967295 uid=89 gid=89 euid=89
suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none)
ses=4294967295 comm="lmtp" exe="/usr/libexec/postfix/lmtp"
subj=system_u:system_r:postfix_smtp_t:s0 key=(null)</div>
</div>
<div><br>
</div>
<div>I see on the postfix_selinux man page that there is a
postfix_keytab_t type, however, even if I use this, postfix is
not able to read the credential file. Has anyone gotten this
to work?</div>
<div><br>
</div>
<div>Steve</div>
</div>
</blockquote>
What AVC do you get with the default setup? <br>
<br>
We will need to add additional rules. <br>
<blockquote
cite="mid:CAPsaoBezxdc_FHECyM009RpteLebmZQQ2nk=eG_zT+ap3iNHww@mail.gmail.com"
type="cite">
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">--
selinux mailing list
<a class="moz-txt-link-abbreviated" href="mailto:selinux@lists.fedoraproject.org">selinux@lists.fedoraproject.org</a>
<a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/selinux">https://admin.fedoraproject.org/mailman/listinfo/selinux</a></pre>
</blockquote>
<br>
</body>
</html>