Hi,
When trying to relay e-mail using SASL authentication on an
IPA CentOS domain, I get this in audit.log:
type=AVC msg=audit(1395749719.107:875): avc: denied { unlink } for pid=4229 comm="smtpd" name="smtp_89" dev=dm-0 ino=265669 scontext=unconfined_u:system_r:postfix_smtpd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1395749719.109:876): avc: denied { getattr } for pid=4229 comm="smtpd" path="/var/tmp/smtp_89" dev=dm-0 ino=265669 scontext=unconfined_u:system_r:postfix_smtpd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1395749719.109:877): avc: denied { unlink } for pid=4229 comm="smtpd" name="smtp_89" dev=dm-0 ino=265669 scontext=unconfined_u:system_r:postfix_smtpd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1395749719.110:878): avc: denied { getattr } for pid=4229 comm="smtpd" path="/var/tmp/smtp_89" dev=dm-0 ino=265669 scontext=unconfined_u:system_r:postfix_smtpd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
The local user postfix is indeed id 89. In /var/tmp/smtp_89 I
have the Kerberos ticket that the relay server is using
(
-rw-------. root root
system_u:object_r:krb5_host_rcache_t:s0 host_0
-rw-------. postfix postfix
unconfined_u:object_r:user_tmp_t:s0 smtp_89