Hi all,
I need to set up a procmail rule that receives an aliases file via
email, saves it within the home directory of the user receiving the
email, and builds a postfix hash map out of it with postalias.
There were various selinux denied messages associated with the work the
script has to do, which I fixed incrementally with several test runs of
the script combined with audit2allow, yielding this eventual policy:
module aliasupdate 1.0;
require {
type postfix_postdrop_t;
type user_home_t;
type postfix_master_exec_t;
type procmail_t;
class file { getattr append read open execute execute_no_trans };
}
allow postfix_postdrop_t user_home_t:file { getattr append };
allow procmail_t postfix_master_exec_t:file execute_no_trans;
allow procmail_t postfix_master_exec_t:file { read execute open getattr };
Now, however, I'm still getting a permission problem. From my procmail log:
postalias: fatal: open /etc/postfix/main.cf: Permission denied
I know this is an selinux issue, since the problem goes away if I do
"setenforce 0", but here's the weird thing: when this error occurs,
nothing gets logged in either /var/log/messages or
/var/log/audit/audit.log, so I can't figure out how to fix my selinux
policy to allow whatever action is being denied here.
Can somebody help me figure out why selinux would fail to log any sort
of message when blocking access, and what I can do to fix it?
Thank you,
Jonathan Kamens